Bug 1024

Summary: smbmount root exploit
Product: [Retired] Red Hat Linux Reporter: revelant
Component: distributionAssignee: David Lawrence <dkl>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: high    
Version: 5.2CC: revelant
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
URL: http://samba.sernet.de/linux-lan/
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-02-02 16:48:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description revelant 1999-02-02 03:18:33 UTC
On the website http://samba.sernet.de/linux-lan/ I found the
following info about an exploit


     A smbmount root exploit has been posted to bugtraq.
Apply this patch to your smbmount.c, and recompile is your
smbfs utilities.
     smbfs-2.0.2 has this patch applied.

The version of smbfs in the Red Hat 5.2 dist is 2.0.1-4.
There is no update for smbfs in the errata list at
www.redhat.com/errata.

Could you verify the truth of this (I have not run the
exploit myself) and release an update if appropriate.

Sources can be found at the above web site, although I have
no idea how authoritative they are.

Comment 1 Aleksey Nogin 1999-02-02 06:52:59 UTC
AFAIK, by default smbfs RPM installs smbmount without suid bit set, so
it should not be possible to exploit it.

Comment 2 Bill Nottingham 1999-02-02 16:48:59 UTC
What he said.
smbmount isn't installed suid root, so the bug isn't exploitable
on Red Hat.

Comment 3 Fedora Update System 2009-07-10 19:23:27 UTC
sugar-toolkit-0.84.5-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/sugar-toolkit-0.84.5-1.fc11

Comment 4 Fedora Update System 2009-11-04 12:38:29 UTC
sugar-toolkit-0.84.5-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.