Slashdot Mirror


Samba Exploit Discovered, Fixed

An anonymous reader submits: "Digital Defense reported a remote root vulnerability in Samba that has existed in Samba source code for over 8 years. If it hadn't been caught from a wild packet capture, who knows how many more years it might have gone on. Fixes for this, and at least three other vulnerabilities have been fixed today. This is a serious threat to many thousands of people. Did you plan to spend your Monday upgrading to Samba 2.2.8a?" elijahao supplies some more information: "All stable versions are affected (2.x), but the 3.0 series is not. Here is a link to the News page. Check out a mirror near you to get the Source or Security patches from 2.2.7a, 2.2.8, or 2.0.10."


  1. Re:Okay everybody... by NanoGator · · Score: 4, Funny

    "Okay everybody... ... you know the drill. Pitchforks ready! "

    Whoa, slow down there buddy. We gotta check the list.

    -Microsoft? No.
    -RIAA/MPAA? No.
    -IBM? No.
    -Amazon? No.
    -TurboTax? No.

    Sorry, Samba's not on the list. Turn in your pitchfork for a song of praise.

    --
    "Derp de derp."
  2. Mondays? by raydobbs · · Score: 5, Funny

    I thought Monday was Patch Your Microsoft Server days... SAMBA is allowed Thursday, or was that...Wednesday...? I forget....

    1. Re:Mondays? by Lxy · · Score: 5, Funny

      I thought Monday was Patch Your Microsoft Server days

      Samba is just trying to emulate every aspect of a Windows server, including Windows patch Mondays.

      Yet another compatibility feature we can check off the list.

      --

      There is no reasonable defense against an idiot with an agenda
      :wq
  3. Feature? by Jonathan+the+Nerd · · Score: 5, Funny

    Well, Samba is supposed to make a Unix computer look and act like a Windows server, right? In that case, it could be argued that a remote root exploit is a feature.

    --
    Disclaimer: The opinions expressed are not necessarily my own, as I've not yet had my medication today.
  4. 8 Years?? by MeanMF · · Score: 4, Funny

    This sort of thing could never have happened if it was Open Source! Thousands of people would have reviewed the source code to make sure that there were no problems like this.

    Oh wait...

  5. Re:Don't worry guys! by zulux · · Score: 4, Funny

    Here's Hoping the Moderators don't
    actually read this closely. See, there's
    this dude named Jeremy Allison, one of the
    nice people who writes code for Samba.

    I've used Samba for years - I've used it
    to replace or prevent about 20 Microsoft
    Windows Installations over the last few years.

    But by mimicking Jeremy's layout style
    and putting his .sig at the bottom of
    this post - I just might get some undeserved
    Karma.

    Let's see if it works.

    Jeremy Allison,
    Samba Team.

    --

    Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

  6. Whoa! by truesaer · · Score: 4, Funny

    At level 4 and higher messages only, I count 43 mod points for Jeremy Allison.

    Conspiracy theory: He created this bug because he's a karma whore!! :)

    1. Re:Whoa! by Jeremy+Allison+-+Sam · · Score: 4, Funny

      Oh no - you've discovered my secret. And it took
      8 years to come to fruition.....

      Now I'll have to kill you :-).

      Jeremy.