Date: Wed, 19 Mar 2003 16:06:52 +0000 From: Guy Dawson <guy@crossflight.co.uk> Cc: security@freebsd.org Subject: Re: Samba vulnerability Message-ID: <3E78959C.3040204@crossflight.co.uk> In-Reply-To: <20030319061826.GA4238@cirb503493.alcatel.com.au> References: <20030318143759.GA77729@nevermind.kiev.ua> <3E774C85.902@drweb.ru> <20030319061826.GA4238@cirb503493.alcatel.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter Jeremy wrote: > On Tue, Mar 18, 2003 at 07:42:45PM +0300, Nikolaj I. Potanin wrote: > >>>A flaw has been detected in the Samba main smbd code which could allow >>>an external attacker to remotely and anonymously gain Super User (root) >> >> ^^^^^^^^^^^^^^^^^ >> >>Does anyone here have smbd bound to an external interface? ;-) > > > I read this as "external to the Samba server" - which covers everyone > who installs Samba in a usable system. Me too! In otherwords the attacker does not need an account on the server they are attacking. Guy -- -------------------------------------------------------------------- Guy Dawson I.T. Manager Crossflight Ltd guy@crossflight.co.uk 07973 797819 01753 776104 ********************************************************************** This email contains the views and opinions of a Crossflight Limited employee and at this stage are in no way a direct representation of Crossflight Limited. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. To ensure the integrity and appropriate use of its email system, Crossflight Limited reserves the right to examine any email held on its email system or sent to or from it. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. We strongly recomend that you check this email with your own virus software as Crossflight Limited will not be held responsible for any damage caused by viruses as a result of opening this email. ********************************************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E78959C.3040204>