Slashdot Mirror


Possible SAMBA Vulnerability

veg writes "The samba team have released 2.2.7 following the discovery of a security hole in versions 2.2.2 to 2.2.6 that could lead to remote root access. Eeek! Full story on the samba site"

2 of 32 comments

  1. When by Bob+Zer+Fish · · Score: 2, Interesting

    When was this vulnerability discovered? People are always comparing Microsoft to OpenSource in the speed of the correction of security flaws. I was wondering if anyone knew, so that I could see if Microsoft is *-that-* bad, or if they're getting better.

    1. Re:When by Jeremy+Allison+-+Sam · · Score: 5, Interesting

      Eloy Paris and Steve Langasek (spelling?) of the Debian
      Samba community were chasing a user-reported core dump bug
      and they noticed the problem.

      They reported it to security@samba.org, and I fixed it that
      night (with a perfectly correct CVS comment that also failed
      to point out the security hole :-).

      We then worked with the Linux vendors via the vendorsec
      mailing list to ensure they were all aware of the problem
      and could issue updates at the same time we announced. Once
      we'd tested the release, we pushed the button and released...

      That is a nice textbook case of how Open Source/Free Software
      security can work.

      Cheers,

      Jeremy Allison,
      Samba Team