Bug 1024 - smbmount root exploit
smbmount root exploit
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: distribution (Show other bugs)
5.2
i386 Linux
high Severity medium
: ---
: ---
Assigned To: David Lawrence
http://samba.sernet.de/linux-lan/
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-02-01 22:18 EST by revelant
Modified: 2009-11-04 07:38 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-02-02 11:48:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description revelant 1999-02-01 22:18:33 EST
On the website http://samba.sernet.de/linux-lan/ I found the
following info about an exploit


     A smbmount root exploit has been posted to bugtraq.
Apply this patch to your smbmount.c, and recompile is your
smbfs utilities.
     smbfs-2.0.2 has this patch applied.

The version of smbfs in the Red Hat 5.2 dist is 2.0.1-4.
There is no update for smbfs in the errata list at
www.redhat.com/errata.

Could you verify the truth of this (I have not run the
exploit myself) and release an update if appropriate.

Sources can be found at the above web site, although I have
no idea how authoritative they are.
Comment 1 Aleksey Nogin 1999-02-02 01:52:59 EST
AFAIK, by default smbfs RPM installs smbmount without suid bit set, so
it should not be possible to exploit it.
Comment 2 Bill Nottingham 1999-02-02 11:48:59 EST
What he said.
smbmount isn't installed suid root, so the bug isn't exploitable
on Red Hat.
Comment 3 Fedora Update System 2009-07-10 15:23:27 EDT
sugar-toolkit-0.84.5-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/sugar-toolkit-0.84.5-1.fc11
Comment 4 Fedora Update System 2009-11-04 07:38:29 EST
sugar-toolkit-0.84.5-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.