Bug 36424

Summary: security hole allows a user with a shell account to corrupt local devices
Product: [Retired] Red Hat Linux Reporter: Daniel Roesen <dr>
Component: sambaAssignee: Trond Eivind Glomsrxd <teg>
Status: CLOSED ERRATA QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: high    
Version: 7.1CC: pekkas
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-05-09 12:08:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Daniel Roesen 2001-04-18 07:59:15 UTC 
From http://de.samba.org/samba/samba.html:

(17th April 2001) Samba 2.0.8 released - SECURITY FIX

Samba 2.0.8 has been released. This release fixes a
locally exploitable security hole in Samba 2.0.7 that
allows a user with a shell account to corrupt local
devices (such as raw disks). Samba 2.2.0 includes all the
security fixes as well, so only install 2.0.8 if you do not
wish to upgrade to 2.2.x just yet.
Comment 1 Pekka Savola 2001-05-09 12:08:02 UTC 
Doh.  Go for samba 2.0.9. :-/ 

[ http://lwn.net/daily/samba-2.0.9.php3 ]
Comment 2 Bill Nottingham 2001-05-15 21:29:06 UTC 
Fixed in the samba-2.0.8 errata releases.