Info

Disclosure

Feb 09, 2004

Discovery

Feb 09, 2004

Dates

Exploit

Unknown

Solution

Unknown

Description

Samba contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when smbmnt is setuid root, and the permissions are not strippped. This flaw may lead to a loss of confidentiality, integrity and/or availability.

Classification

Location: Local Access Required
Attack Type: Misconfiguration
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Remove the setuid bit from "smbmnt"

Products

Andrew Tridgell	Samba	3.0.0
		3.0.1
		3.0.2

References

Security Tracker: 1009000
Secunia Advisory ID: 10842
ISS X-Force ID: 15131
CVE ID: 2004-0186 (see also: NVD)
Bugtraq ID: 9619
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-02/0238.html
http://marc.theaimsgroup.com/?l=full-disclosure&m=107637416515809&w=2
http://www.securitytracker.com/alerts/2004/Feb/1009000.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/3916

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Andrew Tridgell

Samba

References

Credit