[Pluto-security] Samba 2.2.8a (important!)
Tom aka 'Dido'
tom at pluto.linux.it
Sat Apr 12 21:36:30 CEST 2003
I imagine everyone knows by now.. Anyway: from the www.samba.org site
=============================================
(7 Apr, 2003) Security Advisory - Samba 2.2.8a security available for download
Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in
all stable versions of Samba currently shipping. The Common Vulnerabilities
and Exposures (CVE) project has assigned the ID CAN-2003-0201 to this
defect.
This vulnerability, if exploited correctly, leads to an anonymous user gaining
root access on a Samba serving system. All versions of Samba up to and
including Samba 2.2.8 are vulnerable. An active exploit of the bug has been
reported in the wild. Alpha versions of Samba 3.0 and above are *NOT*
vulnerable.
The 2.2.8a release contains only updates to address this security issue. A
rollup patch for release 2.2.7a and 2.0.10 addressing both CAN-2003-0201 and
CAN-2003-0085 can be obtained from this directory.
The source tarball is available in both gzip format and bzip2 format. The
uncompressed tarball signature should also be downloaded to verify the
archive's integrity. Here is the Samba Distribution Key for verifying the
tarball. Finally, here is the patchfile against 2.2.8 (signature).
=============================================
--
-------------------------------------
Dido
PGP Public Key
http://web.tiscali.it/di_do/dido.asc
-------------------------------------