Samba Mksmbpasswd.sh Insecure User Account Creation Vulnerability
BID:9637
Info
Samba Mksmbpasswd.sh Insecure User Account Creation Vulnerability
| Bugtraq ID: | 9637 |
| Class: | Design Error |
| CVE: |
CVE-2004-0082 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 10 2004 12:00AM |
| Updated: | Aug 05 2010 07:45PM |
| Credit: | This vulnerability was announced by the vendor. |
| Vulnerable: |
Samba Samba 3.0.1 Samba Samba 3.0 alpha Samba Samba 3.0 Samba Samba 3.0.0 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux AS 3 |
| Not Vulnerable: |
Samba Samba 3.0.2 |
Discussion
Samba Mksmbpasswd.sh Insecure User Account Creation Vulnerability
The mksmbpasswd.sh shell script that is shipped with Samba is reported prone to a vulnerability. The issue results in the creation of insecure user accounts.
A remote attacker may exploit this issue by accessing a Samba share using an insecure account that was created using the affected script.
The mksmbpasswd.sh shell script that is shipped with Samba is reported prone to a vulnerability. The issue results in the creation of insecure user accounts.
A remote attacker may exploit this issue by accessing a Samba share using an insecure account that was created using the affected script.
Exploit / POC
Samba Mksmbpasswd.sh Insecure User Account Creation Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
Samba Mksmbpasswd.sh Insecure User Account Creation Vulnerability
Solution:
Red Hat has released an advisory (RHSA-2004:064-10) and fixes to address this issue in Red Hat enterprise products. Customers who are subscribed to the Red Hat Network may employ the up2date utility to retrieve appropriate fixes, further information can be found in the referenced advisory. Red Hat have stated that after the update is applied, "/sbin/service winbind condrestart" must be run as root to restart the winbind daemon.
Fedora has released advisory FEDORA-2004-074 dealing with this issue.
The vendor has released an upgrade to address this issue:
Samba Samba 3.0
Samba Samba 3.0 alpha
Samba Samba 3.0.1
Solution:
Red Hat has released an advisory (RHSA-2004:064-10) and fixes to address this issue in Red Hat enterprise products. Customers who are subscribed to the Red Hat Network may employ the up2date utility to retrieve appropriate fixes, further information can be found in the referenced advisory. Red Hat have stated that after the update is applied, "/sbin/service winbind condrestart" must be run as root to restart the winbind daemon.
Fedora has released advisory FEDORA-2004-074 dealing with this issue.
The vendor has released an upgrade to address this issue:
Samba Samba 3.0
-
Fedora samba-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /samba-3.0.2-7.FC1.i386.rpm -
Fedora samba-client-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /samba-client-3.0.2-7.FC1.i386.rpm -
Fedora samba-common-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /samba-common-3.0.2-7.FC1.i386.rpm -
Fedora samba-debuginfo-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/samba-debuginfo-3.0.2-7.FC1.i386.rpm -
Fedora samba-swat-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /samba-swat-3.0.2-7.FC1.i386.rpm -
Samba Samba 3.0.2
http://samba.org/samba/whatsnew/samba-3.0.2.html
Samba Samba 3.0 alpha
-
Fedora samba-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /samba-3.0.2-7.FC1.i386.rpm -
Fedora samba-client-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /samba-client-3.0.2-7.FC1.i386.rpm -
Fedora samba-common-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /samba-common-3.0.2-7.FC1.i386.rpm -
Fedora samba-debuginfo-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/samba-debuginfo-3.0.2-7.FC1.i386.rpm -
Fedora samba-swat-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /samba-swat-3.0.2-7.FC1.i386.rpm -
Samba Samba 3.0.2
http://samba.org/samba/whatsnew/samba-3.0.2.html
Samba Samba 3.0.1
-
Fedora samba-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /samba-3.0.2-7.FC1.i386.rpm -
Fedora samba-client-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /samba-client-3.0.2-7.FC1.i386.rpm -
Fedora samba-common-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /samba-common-3.0.2-7.FC1.i386.rpm -
Fedora samba-debuginfo-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/samba-debuginfo-3.0.2-7.FC1.i386.rpm -
Fedora samba-swat-3.0.2-7.FC1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /samba-swat-3.0.2-7.FC1.i386.rpm -
Samba Samba 3.0.2
http://samba.org/samba/whatsnew/samba-3.0.2.html
References
Samba Mksmbpasswd.sh Insecure User Account Creation Vulnerability
References:
References: