Date:      Fri, 26 Sep 1997 22:09:58 -0700
From:      "Cy Schubert - ITSD Open Systems Group" <cschuber@uumail.gov.bc.ca>
To:        "Studded" <Studded@dal.net>
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: samba security fix going into 2.2.5? 
Message-ID:  <199709270510.WAA07862@cwsys.cwent.com>
In-Reply-To: Your message of "Fri, 26 Sep 1997 20:19:09 PDT." <199709270319.UAA27890@mail.san.rr.com> 

I'm sure it will.  Upgrading the port in the collection is trivial.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

		"Quit spooling around, JES do it."
> 	I saw this on bugtraq today, and haven't noticed any comments
> about it.  Yes, I know that the freebsd team members read bugtraq, I
> just wanted to be sure it was getting attention. :)
> 
> Doug
> 
> ==================BEGIN FORWARDED MESSAGE==================
> >Date: 	Sat, 27 Sep 1997 00:07:19 +1000
> >Reply-To: Andrew.Tridgell@anu.edu.au
> >Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
> >From: Andrew Tridgell <tridge@SAMBA.ANU.EDU.AU>
> >Subject:      Security bugfix for Samba
> >To: BUGTRAQ@NETSPACE.ORG
> 
>                 Security bugfix for Samba
>                 -------------------------
> 
> A security hole in all versions of Samba has been recently
> discovered. The security hole allows unauthorized remote users to
> obtain root access on the Samba server.
> 
> An exploit for this security hole has been posted to the internet so
> system administrators should assume that this hole is being actively
> exploited.
> 
> The exploit for the security hole is very architecture specific and
> has been only demonstrated to work for Samba servers running on Intel
> based platforms. The exploit posted to the internet is specific to
> Intel Linux servers. It would be very difficult to produce an exploit
> for other architectures but it may be possible.
> 
> A new release of Samba has now been made that fixes the security
> hole. The new release is version 1.9.17p2 and is available from
> ftp://samba.anu.edu.au/pub/samba/samba-1.9.17p2.tar.gz
> 
> This release also adds a routine which logs a message if anyone
> attempts to take advantage of the security hole. The message (in the
> Samba log files) will look like this:
> 
>         ERROR: Invalid password length 999
>         you're machine may be under attack by a user exploiting an old bug
>         Attack was from IP=aaa.bbb.ccc.ddd
> 
> where aaa.bbb.ccc.ddd is the IP address of the machine performing the
> attack.
> 
>         The Samba Team
>         samba-bugs@samba.anu.edu.au
> 
> 
> ===================END FORWARDED MESSAGE===================
> 
> 
> Do thou amend thy face,
> 	and I'll amend my life.
> -Shakespeare, "Henry V"
> 
> 
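The log message described in the forwarded advisory can be scanned for with a short script. This is an added example, not part of the original thread or of Samba; the function names, the `MAX_GAP` grouping window and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Patterns taken from the log message quoted in the advisory.
LENGTH_RE = re.compile(r"ERROR: Invalid password length (\d+)")
SOURCE_RE = re.compile(r"Attack was from IP=(\d{1,3}(?:\.\d{1,3}){3})")
MAX_GAP = 3  # assumption: the IP line follows within 3 lines of the ERROR line

def find_attempts(lines):
    """Return (password_length, source_ip) per attempt; ip is None if its line is missing."""
    attempts = []
    length, gap = None, 0
    for line in lines:
        m = LENGTH_RE.search(line)
        if m:
            if length is not None:  # earlier record never got its IP line
                attempts.append((length, None))
            length, gap = int(m.group(1)), 0
            continue
        if length is None:
            continue
        m = SOURCE_RE.search(line)
        gap += 1
        if m or gap >= MAX_GAP:
            attempts.append((length, m.group(1) if m else None))
            length = None
    if length is not None:  # log ended (truncated or rotated) before the IP line
        attempts.append((length, None))
    return attempts

def attempts_by_source(attempts):
    """Count attempts per source IP; records without an IP are keyed as None."""
    return Counter(ip for _, ip in attempts)

# Constructed sample log using documentation-range addresses, not real data.
SAMPLE_LOG = """\
connect to service public as user guest
ERROR: Invalid password length 999
you're machine may be under attack by a user exploiting an old bug
Attack was from IP=192.0.2.15
ERROR: Invalid password length 1024
you're machine may be under attack by a user exploiting an old bug
Attack was from IP=192.0.2.15
ERROR: Invalid password length 999
""".splitlines()

if __name__ == "__main__":
    for ip, count in attempts_by_source(find_attempts(SAMPLE_LOG)).items():
        print(ip or "unknown source", count)
```

The patterns use `search`, so they still match if the log lines carry a timestamp or other prefix.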


