svn commit: samba-web r1408 - in trunk/security: .

kseeger at samba.org kseeger at samba.org
Mon Mar 8 14:36:30 MST 2010


Author: kseeger
Date: 2010-03-08 14:36:30 -0700 (Mon, 08 Mar 2010)
New Revision: 1408

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1408

Log:
Add security advisory
Karolin
Added:
   trunk/security/CVE-2010-0728.html


Changeset:
Added: trunk/security/CVE-2010-0728.html
===================================================================
--- trunk/security/CVE-2010-0728.html	                        (rev 0)
+++ trunk/security/CVE-2010-0728.html	2010-03-08 21:36:30 UTC (rev 1408)
@@ -0,0 +1,69 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2010-0728: </H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Allowing all file system access even when
+==		permissions should have denied access.
+==
+== CVE ID#:     CVE-2010-0728
+==
+== Versions:    3.3.11, 3.4.6 and 3.5.0
+==
+== Summary:     This flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
+==		capabilities, allowing all file system access to be allowed
+==		even when permissions should have denied access.
+===========================================================
+
+===========
+Description
+===========
+
+This flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
+capabilities, allowing all file system access to be allowed
+even when permissions should have denied access.
+
+Please note this security problem does not affect any platform that does
+not support capabilities and platforms where binaries were built without
+libcap support.
+Also note that 3.4.5 and prior 3.4.x versions and 3.3.10 and prior 3.3.x
+versions are NOT affected.
+
+
+==================
+Patch Availability
+==================
+
+A Patch addressing this issue has been posted to:
+
+    http://www.samba.org/samba/security/
+
+Additionally, Samba 3.3.12, 3.4.7 and 3.5.1 have been issued
+as security releases to correct the defect.  Samba administrators are
+advised to upgrade to these releases or apply the patch as soon
+as possible.
+
+==========
+Workaround
+==========
+
+None available
+
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>
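
Review bot: The markup in the new file does not match its XHTML 1.0 Transitional doctype: the <p> opened just before <pre> is never closed (and a <pre> may not sit inside a <p>), and <H2>...</H2> uses uppercase element names, which XHTML does not permit. Drop the <p> and write the heading as <h2>. The heading also ends in a colon with nothing after it, so either add the subject text or remove the colon. In the advisory text, "allowing all file system access to be allowed" appears in both Summary and Description and would read better as "allowing all file system access". The Description repeats the Summary word for word, and the Patch Availability section links only to the general security page rather than to the patch for this CVE.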


