Slashdot Mirror

← Back to Stories (view on slashdot.org)

Possible SAMBA Vulnerability

Posted by michael on Thursday November 21, 2002 @04:43AM from the apt-get-time-again dept.

veg writes "The samba team have released 2.2.7 following the discovery of a secureity hole in versions 2.2.2 to 2.2.6 that could lead to remote root access. Eeek! Full story on the samba site"

1 of 32 comments (clear)

Min score:

Reason:

Sort:

Re:When by Jeremy+Allison+-+Sam · 2002-11-21 06:04 · Score: 5, Interesting

Eloy Paris and Steve Langasek (spelling?) of the Debian
Samba community were chasing a user reported core dump bug
and they noticed the problem.

They reported it to security@samba.org, and I fixed it that
night (with a perfectly correct CVS comment that also failed
to point out the security hole :-).

We then worked with the Linux vendors via the vendorsec
mailing list to ensure they were all aware of the problem
and could issue updates at the same time we announced. Once
we'd tested the release, we pushed the button and released...

That is a nice textbook case of how Open Source/Free Software
security can work.

Cheers,

Jeremy Allison,
Samba Team