First published: Tue Feb 21 2012
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

The default Samba server configuration enabled both the "wide links" and "unix extensions" options, allowing Samba clients with write access to a share to create symbolic links that point to any location on the file system. Clients connecting with CIFS UNIX extensions disabled could have such links resolved on the server, allowing them to access and possibly overwrite files outside of the share. With this update, "wide links" is set to "no" by default. In addition, the update ensures "wide links" is disabled for shares that have "unix extensions" enabled. (CVE-2010-0926)

Warning: This update may cause files and directories that are only linked to Samba shares using symbolic links to become inaccessible to Samba clients. In deployments where support for CIFS UNIX extensions is not needed (such as when files are exported to Microsoft Windows clients), administrators may prefer to set the "unix extensions" option to "no" to allow the use of symbolic links to access files out of the shared directories. All existing symbolic links in a share should be reviewed before re-enabling "wide links".

These updated samba packages also fix the following bug:

- The smbclient tool sometimes failed to return the proper exit status code. Consequently, using smbclient in a script caused some scripts to fail. With this update, an upstream patch has been applied and smbclient now returns the correct exit status. (BZ#768908)

In addition, these updated samba packages provide the following enhancement:

- With this update, support for Windows Server 2008 R2 domains has been added. (BZ#736124)

Users are advised to upgrade to these updated samba packages, which correct these issues and add this enhancement. After installing this update, the smb service will be restarted automatically.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/samba | <3.0.33-3.37.el5 | 3.0.33-3.37.el5 |
redhat/libsmbclient | <3.0.33-3.37.el5 | 3.0.33-3.37.el5 |
redhat/libsmbclient-devel | <3.0.33-3.37.el5 | 3.0.33-3.37.el5 |
redhat/samba-client | <3.0.33-3.37.el5 | 3.0.33-3.37.el5 |
redhat/samba-common | <3.0.33-3.37.el5 | 3.0.33-3.37.el5 |
redhat/samba-debuginfo | <3.0.33-3.37.el5 | 3.0.33-3.37.el5 |
redhat/samba-swat | <3.0.33-3.37.el5 | 3.0.33-3.37.el5 |