Possible SAMBA Vulnerability
veg writes "The samba team have released 2.2.7 following the discovery of a security hole in versions 2.2.2 to 2.2.6 that could lead to remote root access. Eeek! Full story on the samba site"
So, basically, they're vacillating on the question of full SMB compatibility?
-- MarkusQ
Eloy Paris and Steve Langasek (spelling?) of the Debian
Samba community were chasing a user reported core dump bug
and they noticed the problem.
They reported it to security@samba.org, and I fixed it that
night (with a perfectly correct CVS comment that also failed
to point out the security hole :-).
We then worked with the Linux vendors via the vendorsec
mailing list to ensure they were all aware of the problem
and could issue updates at the same time we announced. Once
we'd tested the release, we pushed the button and released...
That is a nice textbook case of how Open Source/Free Software
security can work.
Cheers,
Jeremy Allison,
Samba Team
What about Apple? Do you work directly with them? I would wager that the millions of Mac OS X-equipped Macs sold each year are rapidly making Apple the #1 distributor of Samba...
four nine eighteen twenty-7 thirty-nine forty-7 fiftyeight sixty-nine seventy-9 eighty-8 one-hundred-and-nine one-twenty
If you can craft an exploit for this, please
mail it to me and we'll talk about getting you
working full time on Samba.
Yes, it could crash smbd (for the authenticated
user) but causing it to run code is another matter.
We couldn't work out how to do that, but hey, I'm
willing to believe you might know how. Show me.
Or are you just mouthing off with no expertise to
back it up?
Regards,
Jeremy Allison,
Samba Team.