Bug 1024 - smbmount root exploit
Summary: smbmount root exploit
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: distribution
Version: 5.2
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL: http://samba.sernet.de/linux-lan/
Depends On:
TreeView+ depends on / blocked
Reported: 1999-02-02 03:18 UTC by revelant
Modified: 2009-11-04 12:38 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 1999-02-02 16:48:57 UTC

Attachments (Terms of Use)

Description revelant 1999-02-02 03:18:33 UTC
On the website http://samba.sernet.de/linux-lan/ I found the
following info about an exploit

     A smbmount root exploit has been posted to bugtraq.
Apply this patch to your smbmount.c, and recompile is your
smbfs utilities.
     smbfs-2.0.2 has this patch applied.

The version of smbfs in the Red Hat 5.2 dist is 2.0.1-4.
There is no update for smbfs in the errata list at

Could you verify the truth of this (I have not run the
exploit myself) and release an update if appropriate.

Sources can be found at the above web site, although I have
no idea how authoritative they are.

Comment 1 Aleksey Nogin 1999-02-02 06:52:59 UTC
AFAIK, by default smbfs RPM installs smbmount without suid bit set, so
it should not be possible to exploit it.

Comment 2 Bill Nottingham 1999-02-02 16:48:59 UTC
What he said.
smbmount isn't installed suid root, so the bug isn't exploitable
on Red Hat.

Comment 3 Fedora Update System 2009-07-10 19:23:27 UTC
sugar-toolkit-0.84.5-1.fc11 has been submitted as an update for Fedora 11.

Comment 4 Fedora Update System 2009-11-04 12:38:29 UTC
sugar-toolkit-0.84.5-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.