An alert was mailed out regarding weaknesses in samba which
allows outside users to gain root access. Samba (smbd,nmbd) allows
Linux (& other systems) to share files & printers with Windows & other
platforms. If you have a Linux PC on site you should check to see if
samba is installed and/or secure. A program to exploit this bug is
already publicly available.
To see if samba is installed on RedHat 4.2 run :
rpm -q samba
You then have at least two choices. ->
(1) If you don't need or use samba, remove it from your system :
rpm -e samba
(2) If you must have samba, get the updated version :
(* I'm assuming RedHat 4.2 is installed. *)
Get the patch from redhat :
ftp://ftp.redhat.com/pub/redhat/updates/4.2/i386/samba-1.9.17p2-1rh.i386.rpm
There are more security patches on their web page :
http://www.redhat.com/support/docs/rhl/rh42-errata-general.html
Then install the patch as root with :
rpm -U samba-1.9.17p2-1rh.i386.rpm
I hope that my syntax is correct. Please mail me otherwise.
Thanks,
Mike J
--
Michael C Johnson (email : mjohnson@cebaf.gov)
Office : 757-269-5216 Pager : 757-680-8538
Jefferson Lab (Thomas Jefferson National Accelerator Facility)
MS 12H
12000 Jefferson Avenue
Newport News, VA, 23606