Gentoo Security Advisory GLSA 200404-21 (samba)

Summary
The remote host is missing updates announced in advisory GLSA 200404-21.
Solution
All users should update to the latest version of the Samba package. The following commands will perform the upgrade:

    # emerge sync
    # emerge -pv '>=net-fs/samba-3.0.2a-r2'
    # emerge '>=net-fs/samba-3.0.2a-r2'

Those who are using Samba's password database also need to run the following command:

    # pdbedit --force-initialized-passwords

Those using LDAP for Samba passwords also need to check the sambaPwdLastSet attribute on each account, and ensure it is not 0.

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200404-21
http://bugs.gentoo.org/show_bug.cgi?id=41800
http://bugs.gentoo.org/show_bug.cgi?id=45965
http://www.securityfocus.com/archive/1/353222/2004-04-09/2004-04-15/1
http://seclists.org/lists/bugtraq/2004/Mar/0189.html
Insight
There is a bug in smbfs which may allow local users to gain root via a setuid file on a mounted Samba share. Also, there is a tmpfile symlink vulnerability in the smbprint script distributed with Samba.
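
For the LDAP step in the Solution above, the following added example (not part of the advisory or of Samba) reads an LDIF export and lists the accounts whose sambaPwdLastSet is 0. The function names, the ldapsearch invocation shown in the comment and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report LDAP accounts whose sambaPwdLastSet is 0.
# Feed it LDIF on stdin, for instance (assumed OpenLDAP client, placeholder base DN):
#   ldapsearch -x -LLL -b "$BASE_DN" '(objectClass=sambaSamAccount)' dn sambaPwdLastSet

find_zero_pwdlastset() {
    awk '
    # Print the DN of the entry just finished if its sambaPwdLastSet was 0.
    function flush_entry() {
        if (dn != "" && zero) print dn
        dn = ""; zero = 0
    }
    # Interpret one unfolded LDIF line; a blank line ends the current entry.
    function handle(line,    name, value, p) {
        if (line == "") { flush_entry(); return }
        p = index(line, ":")
        if (p == 0) return
        name = tolower(substr(line, 1, p - 1))   # attribute names are case-insensitive
        value = substr(line, p + 1)
        sub(/^:?[ \t]*/, "", value)              # a base64 DN (dn::) is printed still encoded
        sub(/[ \t]+$/, "", value)
        if (name == "dn") dn = value
        else if (name == "sambapwdlastset" && value ~ /^0+$/) zero = 1
    }
    {
        sub(/\r$/, "")
        # LDIF folds long lines: a continuation line starts with one space.
        if (have && substr($0, 1, 1) == " ") { buf = buf substr($0, 2); next }
        if (have) handle(buf)
        buf = $0; have = 1
    }
    END { if (have) handle(buf); flush_entry() }
    '
}

# Constructed sample export: bob and carol (folded DN, mixed-case attribute) have 0.
sample_ldif() {
    printf '%s\n' \
        'dn: uid=alice,ou=People,dc=example,dc=org' 'sambaPwdLastSet: 1081987200' '' \
        'dn: uid=bob,ou=People,dc=example,dc=org' 'sambaPwdLastSet: 0' '' \
        'dn: uid=carol,ou=People,dc=exa' ' mple,dc=org' 'SambaPwdLastSet: 0' '' \
        'dn: uid=dave,ou=People,dc=example,dc=org' 'sambaSID: S-1-5-21-0-0-0-1003'
}

# Stand-alone run: list the flagged accounts from the constructed sample.
sample_ldif | find_zero_pwdlastset
```

Entries without a sambaPwdLastSet attribute (dave in the sample) are not reported, since the advisory only asks that the value not be 0.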