Date: Tue, 18 Mar 2003 19:42:45 +0300 From: "Nikolaj I. Potanin" <nikolaj@drweb.ru> To: security@FreeBSD.ORG Subject: Re: Samba vulnerability Message-ID: <3E774C85.902@drweb.ru> In-Reply-To: <20030318143759.GA77729@nevermind.kiev.ua> References: <20030318143759.GA77729@nevermind.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
> A flaw has been detected in the Samba main smbd code which could allow
> an external attacker to remotely and anonymously gain Super User (root)
^^^^^^^^^^^^^^^^^
Does anyone here have smbd bound to an external interface? ;-)
> privileges on a server running a Samba server. This flaw exists in
> previous versions of Samba from 2.0.x to 2.2.7a inclusive. This is a
> serious problem and all sites should either upgrade to Samba 2.2.8
> immediately or prohibit access to TCP ports 139 and 445. The Release
> Notes are available on-line.
--
Nikolaj I. Potanin, SA http://www.drweb.ru
ID Anti-Virus Lab (SalD Ltd) nikolaj@drweb.ru
St. Petersburg, Russia ph.: +7-812-3888624
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E774C85.902>