Date: Fri, 26 Sep 1997 21:53:36 -0700
From: Cy Schubert <cy@uumail.gov.bc.ca>
To: "Studded" <Studded@dal.net>
Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: samba security fix going into 2.2.5?
Message-ID: <199709270453.VAA07721@cwsys.cwent.com>
In-Reply-To: Your message of "Fri, 26 Sep 1997 20:19:09 PDT." <199709270319.UAA27890@mail.san.rr.com>

I'm sure it will.  Upgrading the port in the collection is trivial.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

                "Quit spooling around, JES do it."

>         I saw this on bugtraq today, and haven't noticed any comments
> about it.  Yes, I know that the freebsd team members read bugtraq, I
> just wanted to be sure it was getting attention. :)
>
> Doug
>
> ==================BEGIN FORWARDED MESSAGE==================
> >Date:         Sat, 27 Sep 1997 00:07:19 +1000
> >Reply-To: Andrew.Tridgell@anu.edu.au
> >Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
> >From: Andrew Tridgell <tridge@SAMBA.ANU.EDU.AU>
> >Subject:      Security bugfix for Samba
> >To: BUGTRAQ@NETSPACE.ORG
>
> Security bugfix for Samba
> -------------------------
>
> A security hole in all versions of Samba has been recently
> discovered. The security hole allows unauthorized remote users to
> obtain root access on the Samba server.
>
> An exploit for this security hole has been posted to the internet so
> system administrators should assume that this hole is being actively
> exploited.
>
> The exploit for the security hole is very architecture specific and
> has been only demonstrated to work for Samba servers running on Intel
> based platforms. The exploit posted to the internet is specific to
> Intel Linux servers. It would be very difficult to produce an exploit
> for other architectures but it may be possible.
>
> A new release of Samba has now been made that fixes the security
> hole. The new release is version 1.9.17p2 and is available from
> ftp://samba.anu.edu.au/pub/samba/samba-1.9.17p2.tar.gz
>
> This release also adds a routine which logs a message if anyone
> attempts to take advantage of the security hole. The message (in the
> Samba log files) will look like this:
>
>   ERROR: Invalid password length 999
>   you're machine may be under attack by a user exploiting an old
>   bug
>   Attack was from IP=aaa.bbb.ccc.ddd
>
> where aaa.bbb.ccc.ddd is the IP address of the machine performing the
> attack.
>
> The Samba Team
> samba-bugs@samba.anu.edu.au
>
>
> ===================END FORWARDED MESSAGE===================
>
>
> Do thou amend thy face,
>  and I'll amend my life.
>                 -Shakespeare, "Henry V"
>
>
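
The log message described in the quoted advisory can be watched for mechanically. The following is an added example, not part of the original e-mail and not Samba's own code: a Python scanner that pairs each "Invalid password length" line with the "Attack was from IP=" line that follows it and counts attempts per source. The function names, the MAX_GAP tolerance and the sample log are assumptions made for illustration.

```python
import re
from collections import Counter

# Patterns copied from the log message quoted in the advisory above.
LENGTH_RE = re.compile(r"ERROR: Invalid password length (\d+)")
SOURCE_RE = re.compile(r"Attack was from IP=(\S+)")
MAX_GAP = 3  # assumption: the IP line appears within 3 lines of the length line

def find_attempts(lines):
    """Return [(password_length, source_ip)]; source_ip is None if not logged."""
    attempts = []
    pending = None  # [length, lines seen since] for an alert awaiting its IP
    for line in lines:
        m = LENGTH_RE.search(line)
        if m:
            if pending:  # previous alert never got its IP line
                attempts.append((pending[0], None))
            pending = [int(m.group(1)), 0]
            continue
        if not pending:
            continue
        m = SOURCE_RE.search(line)
        pending[1] += 1
        if m:
            attempts.append((pending[0], m.group(1)))
            pending = None
        elif pending[1] >= MAX_GAP:  # too far away to belong to this alert
            attempts.append((pending[0], None))
            pending = None
    if pending:  # log ended (or was truncated) before the IP line
        attempts.append((pending[0], None))
    return attempts

def attempts_by_source(lines):
    """Count logged attempts per source IP (key None = source line missing)."""
    return Counter(ip for _, ip in find_attempts(lines))

SAMPLE_LOG = """\
ERROR: Invalid password length 999
you're machine may be under attack by a user exploiting an old bug
Attack was from IP=192.0.2.10
ERROR: Invalid password length 1024
you're machine may be under attack by a user exploiting an old bug
Attack was from IP=192.0.2.10
ERROR: Invalid password length 999
you're machine may be under attack by a user exploiting an old bug
Attack was from IP=198.51.100.7
ERROR: Invalid password length 2000
""".splitlines()  # constructed sample; addresses are documentation ranges
```

Feed it the lines of the Samba log file (for example `attempts_by_source(open(path))`, where `path` is wherever the local installation writes its log); a `None` key means an alert whose source line was missing or cut off.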