Slashdot Mirror


Samba Exploit Discovered, Fixed

An anonymous reader submits: "Digital Defense reported a remote root vulnerability in Samba that has existed in Samba source code for over 8 years. If it hadn't been caught from a wild packet capture, who knows how many more years it might have gone on. Fixes for this, and at least three other vulnerabilities have been fixed today. This is a serious threat to many thousands of people.. Did you plan to spend your Monday upgrading to Samba 2.2.8a?" elijahao supplies some more information: "All stable versions are affected (2.x), but the 3.0 series is not. Here is a link to the News page. Check out a mirror near you to get the Source or Security patches from 2.2.7a, 2.2.8, or 2.0.10."

10 of 221 comments (clear)

  1. Re:8 Years?? by Anonymous Coward · · Score: -1, Flamebait

    You suck, dude. This is why I'll never go with Open Source. A silly apology with a frown smily won't cover my losses in the real world.

  2. Re:Feature? by tealover · · Score: -1, Flamebait

    You are a joke. Instead of spending all your time cataloguing all of MS's bugs, why don't you spend some time auditing your own code. Perhaps then we'd have a useful product and then we'd respect you enough to trust your word.

    I wish you'd act in a professional way for once.

    --
    -- You see, there would be these conclusions that you could jump to
  3. Re:so... by Anonymous Coward · · Score: -1, Flamebait

    Anyone who runs anything on Linux with internet access is very much a fool.

  4. Re:I blame Microsoft by Mr.+Nigger · · Score: 0, Flamebait

    If I ever met you, I would tie you down, shit on your face, fuck your asshole until it bled, and then I would burn your body and jerk off on the ashes.

  5. Why the hell by HermanZA · · Score: 0, Flamebait

    would anyone connect a Samba server directly to the internet anyway? This is only an exploit of stupidity, of which there are many.

  6. Re:I definitly "had a case of the mondays"!@! by Mr.+Nigger · · Score: 0, Flamebait

    Hey faggot, don't reply to your own posts... It lets people know how gay you are.

  7. Re:Feature? by treat · · Score: -1, Flamebait
    If you choose not to believe me without exploit code then that's up to you, but I will not act in an unprofessional way to prove a point.

    Keeping a major security hole secret -is- extremely unprofessional. That you admit to keeping them secret makes me question the responsibility of yourself and the entire Samba team.

  8. Re:Feature? by Red+Avenger · · Score: 0, Flamebait

    Show me please. They are my vendor and as far as I am concerned have always done a bang up job in customer service. If theres a problem I will let them know and they will fix it. I highly doubt your statement without any backup. To complain about MS when its YOUR shoddy code's fault is absolutely unprofessional. You are on public record for absolutely ravaging MS whatever they do. What a fricking hypocrit.

    "Hmmm, I screwed up really bad... Better play that MS card."
    -Jeremy Allison

    Mod me down please but this is the exact double standard that seems to pervade Slashdot and every GPL nut that I talk to. If there are ever any problems whatsoever its all Microsofts fault. Give me a break.

    Send code to:
    theredavenger@hotmail.com

    and I can communicate with you on your wonder crash for w2k server.

  9. Re:Feature? by Anonymous Coward · · Score: -1, Flamebait

    Well you're a no-nothing shitwit anyways, and nobody gives a damn.

  10. oh fuck off you stupid zealots by Anonymous Coward · · Score: -1, Flamebait

    You had to add the "and fixed" so your little ego wouldn't be slapped by a remote root hole. "WE'RE NOT LIKE MICR$$OFFOFT!" I hear you cry. Well guess what, you are. You may do it for prestige, or enjoyment, rather than raw cash, but they're all about self-fulfillment, and are morally equivalent. And a good OSS authorship will help you get a good job anyway: I've known people use their OSS contributions in this way.