Samba Exploit Discovered, Fixed

Posted by timothy on Monday April 7, 2003 @09:41AM from the lickety-split-sortof dept.

An anonymous reader submits: "Digital Defense reported a remote root vulnerability in Samba that has existed in Samba source code for over 8 years. If it hadn't been caught from a wild packet capture, who knows how many more years it might have gone on. Fixes for this, and at least three other vulnerabilities have been fixed today. This is a serious threat to many thousands of people.. Did you plan to spend your Monday upgrading to Samba 2.2.8a?" elijahao supplies some more information: "All stable versions are affected (2.x), but the 3.0 series is not. Here is a link to the News page. Check out a mirror near you to get the Source or Security patches from 2.2.7a, 2.2.8, or 2.0.10."

3 of 221 comments (clear)

Min score:

Reason:

Sort:

/.'d by kryptkpr · 2003-04-07 09:47 · Score: 0, Redundant

3 posts and the website is dead already...ugh..

--
DJ kRYPT's Free MP3s!
Don't worry guys! by I+Am+The+Owl · 2003-04-07 10:13 · Score: 0, Redundant

It's open source! Many eyes make all bug shallow! See, it's only been in there for eight years!

--

--sdem
I thought OSS was secure? by kevlar · 2003-04-08 08:42 · Score: 0, Redundant

This root level vulnerability has been in every SAMBA distro since its conception... 8 yrs and nobody has found it?