Mandrake Linux Security Advisory : samba (MDKSA-2004:035)
High Nessus Plugin ID 14134
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered in samba where a local user could use the smbmnt utility, which is shipped suid root, to mount a file share from a remote server which would contain a setuid program under the control of the user. By executing this setuid program, the local user could elevate their privileges on the local system.
The updated packages are patched to prevent this problem. The version of samba shipped with Mandrakelinux 10.0 does not have this problem.
SolutionUpdate the affected packages.