{"vuid":"VU#670568","idnumber":"670568","name":"Samba creates temporary files insecurely","keywords":["Samba","temporary","tmp","temp","more","mput","print","queue","smb","smbclient"],"overview":"Samba handles temporary files insecurely, allowing arbitrary files to be overwritten and left in a state that would permit later modification.","clean_desc":"Samba is an implementation of the Server Message Block (SMB) protocol. Some versions of Samba handle temporary files in an insecure manner that may allow local users to cause arbitrary files and devices to be overwritten. Due to easily predictable printer queue cache file names, local users may create symbolic links to any file or device, causing it to be corrupted when a remote user accesses a printer. In addition, the file will be left with world-writable permissions, allowing any user to enter their own data.","impact":"By modifying arbitrary files, an attacker may gain elevated privileges. By corrupting files or devices, an attacker may cause denial of service.","resolution":"Apply vendor patches; see the Systems Affected section below.","workarounds":"Deinstall the Samba package.","sysaffected":"","thanks":"This vulnerability was first reported by Marcus Meissner of Caldera.","author":"This document was last modified by Tim 
Shimeall.","public":["http://www.securityfocus.com/bid/2617","ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:36.samba.asc","http://www.linuxsecurity.com/advisories/freebsd_advisory-1314.html","http://www.redhat.com/support/errata/RHSA-2001-086.html","http://www.linuxsecurity.com/advisories/redhat_advisory-1369.html","http://www.linuxsecurity.com/advisories/mandrake_advisory-1319.html","http://www.linuxsecurity.com/advisories/other_advisory-1307.html","http://www.linuxsecurity.com/advisories/other_advisory-1362.html","http://www.linuxsecurity.com/advisories/debian_advisory-1302.html","http://www.linuxsecurity.com/advisories/other_advisory-1305.html","http://www.linuxsecurity.com/advisories/other_advisory-1298.html","http://www.caldera.com/support/security/advisories/CSSA-2001-015.0.txt"],"cveids":["CVE-2001-0406"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-04-18T12:42:27Z","publicdate":"2001-04-23T00:00:00Z","datefirstpublished":"2001-09-17T19:24:41Z","dateupdated":"2001-09-17T19:24:46Z","revision":7,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"19","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"13.359375","cam_scorecurrentwidelyknown":"16.03125","cam_scorecurrentwidelyknownexploited":"26.71875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":13.359375,"v
ulnote":null}