Date: Wed Apr 18 2001 - 22:42:49 CDT
> Can Tridge or anyone else confirm whether or not this bug was present in
> Samba versions earlier than 2.0.7 ?

The bug was introduced into the CVS tree on June 27th 1997. That means
all versions from (and including) 1.9.17alpha4 are
vulnerable. Amazingly, the bug went undetected through several
security audits by various companies over the last 4 years.

The impact of the bug varies a little between versions. In the 2.0.7
release the exploit is only easy (and perhaps only possible, but I
won't guarantee it) if you are exporting printer shares. In either
case, we consider it a serious enough risk that all sites should
upgrade as soon as possible, especially if you have untrusted users
with shell accounts.

Note that the bug is not a race condition. Given the right conditions
the exploit will be successful first time every time. (ie. it is not a
classic mktemp race)