-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
When translating SIDs to/from names using Samba local
list of user and group accounts, a logic error in the
smbd daemon's internal security stack may result in a
transition to the root user id rather than the non-root
user. The user is then able to temporarily issue SMB/CIFS
protocol operations as the root user. This window of
opportunity may allow the attacker to establish additional
means of gaining root access to the server.
A patch against Samba 3.0.23d/3.0.24 has posted at
http://www.samba.org/samba/security/
There is no immediate workaround for this defect that does
not involve changing the server code in the smbd daemon.
The Samba Team always encourages users to run the latest
stable release as a defense against attacks. If this
is not immediately possible, administrators should read
the "Server Security" documentation found at
http://www.samba.org/samba/docs/server_security.html
This vulnerability was reported to Samba developers by Paul
Griffith <[email protected]> and Andrew Hogue. Much thanks
to Paul and Andrew for their cooperation and patience in the
announcement of this defect. Thanks also to Samba developers
James Peach and Jeremy Allison for the analysis and resolution
of this issue.
The time line is as follows:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGR5W7IR7qMdg1EfYRAsv9AJ9KfUWTcyiDhLEDeIKJFGXaAWvk1gCff+0j
FFgPmJhGBosBPSadj+bPpgw=
=ruFz
-----END PGP SIGNATURE-----