Slashdot Mirror

← Back to Stories (view on slashdot.org)

Possible SAMBA Vulnerability

Posted by michael on from the apt-get-time-again dept.

veg writes "The samba team have released 2.2.7 following the discovery of a secureity hole in versions 2.2.2 to 2.2.6 that could lead to remote root access. Eeek! Full story on the samba site"

3 of 32 comments (clear)

  1. Re:typical rant ahead by xchino · · Score: 3, Insightful

    I would justify it being posted here. It hasn't been found to be exploitable, even by the samba team. They have, however released a new version to correct this (as well as add a few features and fixes), showing excellent mode of quality control exceeding that which often even proprietary software vendors fail to meet, in an OpenSource model. Just a thought...

    --
    Everyone is entitled to their own opinion. It's just that yours is stupid.
  2. Re:When by mithras+the+prophet · · Score: 5, Insightful
    We then worked with the Linux vendors via the vendorsec mailing list to ensure they were all aware of the problem and could issue updates at the same time we announced. Once we'd tested the release, we pushed the button and released...

    What about Apple? Do you work directly with them? I would wager that the millions of Mac OS X-equipped Macs sold each year are rapidly making Apple the #1 distributor of Samba...

    --
    four nine eighteen twenty-7 thirty-nine forty-7 fiftyeight sixty-nine seventy-9 eighty-8 one-hundred-and-nine one-twenty
  3. Re:Funny... by elno · · Score: 2, Insightful

    I think is a matter of relevance :
    IE holes come in a "combo meal" Detail Desc + sample + any side item + toy ( If you want to play with the sample code )

    This samba hole on ther other hand does not even have a concrete way to take advantage of.

    From samba.org:
    A security hole has been discovered in versions 2.2.2 through 2.2.6 of Samba that could potentially allow an attacker to gain root access on the target machine. The word "potentially" is used because there is no known exploit of this bug, and the Samba Team has not been able to craft one ourselves. However, the seriousness of the problem warrants this immediate 2.2.7 release.