Samba Exploit Discovered, Fixed
An anonymous reader submits: "Digital Defense reported a remote root vulnerability in Samba that has existed in Samba source code for over 8 years. If it hadn't been caught from a wild packet capture, who knows how many more years it might have gone on. Fixes for this, and at least three other vulnerabilities, have been fixed today. This is a serious threat to many thousands of people. Did you plan to spend your Monday upgrading to Samba 2.2.8a?"
elijahao supplies some more information: "All stable versions are affected (2.x), but the 3.0 series is not. Here is a link to the News page. Check out a mirror near you to get the Source or Security patches from 2.2.7a, 2.2.8, or 2.0.10."
Well I don't want to describe them as I don't want
to give any crackers ideas on how to exploit them.
Microsoft know and they are the only people who can
do anything about it, it's *their* code, not mine.
Me describing the problem to you will make the problem
worse, not better.
If people find bugs in my code I want them to tell me
and I fix them asap. If they are security related I
want them to give me warning first before going public.
This is what we have done with Microsoft, it's the
responsible, professional thing to do. What gets done
about it is *their* decision, not mine (or yours).
Jeremy Allison,
Samba Team.