Mike Sensney wrote:
> 
> The only Samba packages I'm aware of are Koon Wong's.
> http://lrp.c0wz.com/files/kwarchive/
> 
> From the /etc/smb.conf file in smb.lrp:
> 
> # Samba config file created using SWAT
> # from wpkgate.kc.com.my (202.184.173.241)
> # Date: 1999/01/30 22:26:31
> 
> # Global parameters
>         workgroup = LINUX-GRP
>         netbios name = myserver
>         encrypt passwords = Yes
>         update encrypted = Yes
>         log file = /var/log/samba/log.%m
>         guest account = pcguest
>         hosts allow = 202.184.173.
> <<<<snip>>>>
> 
> This does use the exploitable %m variable.

However.....  This default setting in Koon's package is NOT
exploitable...

Reading onwards...

> >> IMPORTANT: Security bugfix for Samba
> >> ------------------------------------
> >>
> >> June 23rd 2001
> >>
> >>
> >> Summary
> >> -------
> >>
> >> A serious security hole has been discovered in all versions of Samba
> >> that allows an attacker to gain root access on the target machine for
> >> certain types of common Samba configuration.

> >> The most commonly used log file configuration containing %m is the one
> >> distributed in the sample configuration file that comes with Samba:
> >>
> >>   log file = /var/log/samba/log.%m
> >>
> >> in that case your machine is not vulnerable to this attack unless you
> >> happen to have a subdirectory in /var/log/samba/ which starts with the
> >> prefix "log."

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
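
Added example, not part of the original messages or of Samba: a Python check that reads the `log file` values from smb.conf text and tests the condition the quoted advisory gives, namely whether the log directory holds a subdirectory whose name starts with the filename prefix in front of %m. The function names and status strings are this example's own, and a %m with no filename prefix in front of it is outside the quoted text, so it is only marked for review.

```python
import os
import re
import tempfile

# Samba ignores case and inner whitespace in parameter names.
LOG_FILE_RE = re.compile(r"^\s*log\s*file\s*=\s*(\S.*?)\s*$", re.IGNORECASE)


def log_file_values(conf_text):
    """Return every 'log file' value in smb.conf text, skipping comment lines."""
    values = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue
        match = LOG_FILE_RE.match(line)
        if match:
            values.append(match.group(1))
    return values


def audit_log_file(value):
    """Classify one 'log file' value against the condition in the quoted advisory."""
    if "%m" not in value:
        return "no-%m"
    # Split what precedes the first %m into log directory and filename prefix.
    directory, prefix = os.path.split(value.split("%m", 1)[0])
    if not prefix:
        return "review"  # %m right after a separator: not covered by the quote
    try:
        with os.scandir(directory) as entries:
            hit = any(e.name.startswith(prefix) and e.is_dir() for e in entries)
    except OSError:
        return "review"  # log directory missing or unreadable
    # "prefix-only" is the advisory's not-vulnerable case; a matching
    # subdirectory ("prefix-dir-present") is the exception it warns about.
    return "prefix-dir-present" if hit else "prefix-only"


def demo():
    """Run the audit on a constructed config before and after adding 'log.old/'."""
    with tempfile.TemporaryDirectory() as root:
        conf = f"# constructed sample\n[global]\n   log file = {root}/log.%m\n"
        value = log_file_values(conf)[0]
        before = audit_log_file(value)
        os.mkdir(os.path.join(root, "log.old"))
        return before, audit_log_file(value)


if __name__ == "__main__":
    print(demo())
```
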
