Bug 6763 - CVE-2009-2813 - Misconfigured /etc/passwd file may share folders unexpectedly
CVE-2009-2813 - Misconfigured /etc/passwd file may share folders unexpectedly
Status: RESOLVED FIXED
Product: Samba 3.4
Classification: Unclassified
Component: File services
3.4.0
Other Linux
: P3 normal
: ---
Assigned To: Jeremy Allison
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-09-25 20:12 UTC by Jeremy Allison
Modified: 2012-03-17 00:26 UTC (History)
0 users

See Also:


Attachments
Samba 3.0.36 patch (1.60 KB, patch)
2009-09-25 20:12 UTC, Jeremy Allison
no flags Details
Samba 3.2.14 path (1.41 KB, patch)
2009-09-25 20:13 UTC, Jeremy Allison
no flags Details
Samba 3.3.7 patch (1.41 KB, patch)
2009-09-25 20:13 UTC, Jeremy Allison
no flags Details
Samba 3.4.1 patch (1.42 KB, patch)
2009-09-25 20:13 UTC, Jeremy Allison
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2009-09-25 20:12:28 UTC
===========================================================
== Subject:     Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#:     CVE-CVE-2009-2813
==
== Versions:    All versions of Samba later than 3.0.11
==
== Summary:     If a user in /etc/passwd is misconfigured to have
==		an empty home directory then connecting to the home
==		share of this user will use the root of the filesystem
==		as the home directory.
===========================================================

===========
Description
===========

If a user in /etc/passwd is misconfigured to have an empty home
directory (::) and the automated [homes] share is enabled, or an
explicit share is created with that username, then any client connecting
to that share name will be able to access the whole filesystem from
root (/) on downwards, subject to local file system permissions
applied to the connecting user.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    http://www.samba.org/samba/security/

(Karolin: can you fill in this part?)

==========
Workaround
==========

Do not configure users in /etc/passwd with a blank home
directory field.

=======
Credits
=======

Originally reported by J. David Hester of LCG Systems National
Institutes of Health and forwarded to the Samba Team by Apple
Computer Inc.

Patches provided by Apple and Jeremy Allison of the Samba team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
Comment 1 Jeremy Allison 2009-09-25 20:12:59 UTC
Created attachment 4748 [details]
Samba 3.0.36 patch
Comment 2 Jeremy Allison 2009-09-25 20:13:17 UTC
Created attachment 4749 [details]
Samba 3.2.14 path
Comment 3 Jeremy Allison 2009-09-25 20:13:33 UTC
Created attachment 4750 [details]
Samba 3.3.7 patch
Comment 4 Jeremy Allison 2009-09-25 20:13:53 UTC
Created attachment 4751 [details]
Samba 3.4.1 patch
Comment 5 Jeremy Allison 2009-09-25 20:14:22 UTC
All patches submitted for security fix.

Jeremy.
Comment 6 Karolin Seeger 2009-10-01 07:45:39 UTC
Patch is included in 3.0.37, 3.2.15, 3.3.8 and 3.4.2.
Patch for master/v3-5-test is missing.
Jeremy, please push that one to master and v3-5-test also and close out the bug report after that.

Thanks a lot!
Comment 7 Jeremy Allison 2009-10-01 12:26:26 UTC
Pushed to master and v3-5-test.
Jeremy.