View Full Version : USN-702-1: Samba vulnerability

January 5th, 2009, 09:20 PM
Referenced CVEs:

================================================== =========Ubuntu Security Notice USN-702-1 January 05, 2009samba vulnerabilityCVE-2009-0022============================================== =============A security issue affects the following Ubuntu releases:Ubuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 8.10: samba 2:3.2.3-1ubuntu3.4In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Gunter Höckel discovered that Samba with registry shares enabled did notproperly validate share names. An authenticated user could gain access to theroot filesystem by using an older version of smbclient and specifying anempty string as a share name. This is only an issue if registry shares areenabled on the server by setting "registry shares = yes", "include = registry",or "config backend = registry", which is not the default.

More... (http://www.ubuntu.com/usn/USN-702-1)