From a3b7d4ae115565dcdd84bab390ddce509bc0da26 Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Wed, 13 Oct 2004 12:25:56 +0000 Subject: [PATCH] r2944: applying changes from the 2.2.12 release --- WHATSNEW.txt | 63 ++++++++++++++++++++++++++++++++++++++++++++++-- source/include/version.h | 2 +- source/smbd/vfs.c | 1 - 3 files changed, 62 insertions(+), 4 deletions(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1df01c397c1..32038e1054a 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,65 @@ ============================== + Release Notes for Samba 2.2.12 + Sept 29, 2004 + ============================== + + +######################## SECURITY RELEASE ######################## + +Summary: Potential Arbitrary File Access + +Affected +Versions: Samba 2.2.x + +Summary: A remote attacker may be able to gain access + to files which exist outside of the share's + defined path. Such files must still be readable + by the account used for the connection. + +CVE ID: CAN-2004-0815 + (http://cve.mitre.org/) + +This is the last stable release of the Samba 2.2 code base. +There will be no further Samba 2.2.x releases. + +------------- +CAN-2004-0815 +------------- + +A bug in the input validation routines used to convert DOS +path names to path names on the Samba host's file system +may be exploited to gain access to files outside of the +share's path defined by smb.conf. + + +Protecting Unpatched Servers +---------------------------- + +Samba file shares with 'wide links = no' (a non-default +setting) in the service definition in smb.conf are *not* +vulnerable to this attack. + +The Samba Team always encourages users to run the latest stable +release as a defense of against attacks. However, under certain +circumstances it may not be possible to immediately upgrade +important installations. In such cases, administrators should +read the "Server Security" documentation found at +http://www.samba.org/samba/docs/server_security.html. + + +Credits +-------- + +Both security issues were reported to Samba developers by +iDEFENSE (http://www.idefense.com/). Karol Wiesek is +credited with this discovery. + +-- + +Older releases notes for 2.2.x distributions follow + + ------------------------------------------------------ + ============================== Release Notes for Samba 2.2.11 Aug 12, 2004 ============================== @@ -17,8 +78,6 @@ The Samba 2.2.11 release addresses the following bug: issuing FindFirstPrintChangeNotify(). -Older releases notes for 2.2.x distributions follow - ------------------------------------------------------ ============================== Release Notes for Samba 2.2.10 diff --git a/source/include/version.h b/source/include/version.h index bf2d96a7d89..69ef8a62de7 100755 --- a/source/include/version.h +++ b/source/include/version.h @@ -1 +1 @@ -#define VERSION "2.2.11" +#define VERSION "2.2.12" diff --git a/source/smbd/vfs.c b/source/smbd/vfs.c index c72a9a28874..3d3fb9c39ef 100644 --- a/source/smbd/vfs.c +++ b/source/smbd/vfs.c @@ -784,7 +784,6 @@ BOOL reduce_name(connection_struct *conn, char *s,char *dir,BOOL widelinks) *dir2 = *wd = *base_name = *newname = 0; if (widelinks) { - unix_clean_name(s); /* can't have a leading .. */ if (strncmp(s,"..",2) == 0 && (s[2]==0 || s[2]=='/')) { DEBUG(3,("Illegal file name? (%s)\n",s)); -- 2.11.4.GIT