Author: kseeger
Date: 2010-03-08 14:36:30 -0700 (Mon, 08 Mar 2010)
New Revision: 1408
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1408 Log: Add security advisory Karolin Added: trunk/security/CVE-2010-0728.html Changeset: Added: trunk/security/CVE-2010-0728.html =================================================================== --- trunk/security/CVE-2010-0728.html (rev 0) +++ trunk/security/CVE-2010-0728.html 2010-03-08 21:36:30 UTC (rev 1408) 
@@ -0,0 +1,69 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Security Announcement Archive</title> +</head> + +<body> + + <H2>CVE-2010-0728: </H2> + +<p> +<pre> +=========================================================== +== Subject: Allowing all file system access even when +== permissions should have denied access. +== +== CVE ID#: CVE-2010-0728 +== +== Versions: 3.3.11, 3.4.6 and 3.5.0 +== +== Summary: This flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE +== capabilities, allowing all file system access to be allowed +== even when permissions should have denied access. +=========================================================== + +=========== +Description +=========== + +This flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE +capabilities, allowing all file system access to be allowed +even when permissions should have denied access. + +Please note this security problem does not affect any platform that does +not support capabilities and platforms where binaries were built without +libcap support. +Also note that 3.4.5 and prior 3.4.x versions and 3.3.10 and prior 3.3.x +versions are NOT affected. + + +================== +Patch Availability +================== + +A Patch addressing this issue has been posted to: + + http://www.samba.org/samba/security/ + +Additionally, Samba 3.3.12, 3.4.7 and 3.5.1 have been issued +as security releases to correct the defect. Samba administrators are +advised to upgrade to these releases or apply the patch as soon +as possible. + +========== +Workaround +========== + +None available + + +========================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +========================================================== +</pre> +</body> +</html>
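Review bot: The `<p>` opened immediately before `<pre>` is never closed, and a `<pre>` block is not allowed inside a paragraph, so the new file is not well-formed against the XHTML 1.0 Transitional DOCTYPE it declares. Drop the `<p>` line. In the same header area, `<H2>CVE-2010-0728: </H2>` uses an uppercase element name, which XHTML does not permit, and the heading has nothing after the colon; suggest `<h2>` with the advisory subject from the "Subject:" lines filled in. The Summary and Description both read "allowing all file system access to be allowed"; "allowing all file system access even when permissions should have denied access" says the same thing without the repetition. The "Versions:" line lists only 3.3.11, 3.4.6 and 3.5.0, while the unaffected ranges appear much further down in the Description; labelling that line as affected versions would let a reader triage from the header alone.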