Samba Exploit Discovered, Fixed

An anonymous reader submits: "Digital Defense reported a remote root vulnerability in Samba that has existed in Samba source code for over 8 years. If it hadn't been caught from a wild packet capture, who knows how many more years it might have gone on. Fixes for this, and at least three other vulnerabilities have been fixed today. This is a serious threat to many thousands of people.. Did you plan to spend your Monday upgrading to Samba 2.2.8a?" elijahao supplies some more information: "All stable versions are affected (2.x), but the 3.0 series is not. Here is a link to the News page. Check out a mirror near you to get the Source or Security patches from 2.2.7a, 2.2.8, or 2.0.10."

Re:Feature?

[nutsy]

Charming attitude. Not wanting to release an exploit is one thing; not wanting to even describe a problem is security through obscurity, and you know how loved that is. Apparently even just interoperating with MS-Windows software causes one to be infected with Microsoft attitudes.

And no, I'm not claiming that you're lying about any such exploitable bug existing. Oh, what the hell I'm bound to get flamed for daring to question this in any case. 'Tis the nature of the beast.

Re:Feature?

[treat]

The parent post was moderated down to -1 in order to suppress knowledge of the fact certain members of the Samba team have such corrupted ethics as to make it questionable whether their software should be used for any purpose.