On Tue, 2014-06-24 at 08:51 +0200, Brian Jonnes wrote: > Latest security patch does not include this. Shall I post to security team? > > On Fri, May 30, 2014 at 1:12 AM, Andrew Bartlett <abart...@samba.org> wrote: > > On Wed, 2014-05-21 at 21:15 +0200, Brian Jonnes wrote: > >> Package: winbind > >> Version: 2:3.6.6-6+deb7u3 > >> > >> winbind is dumping core. Debug shows in rpc_lookup_usergroups > >> (source3/winbindd/winbindd_rpc.c) use of rid_array before status is > >> checked (after dcerpc_samr_GetGroupsForUser). > > > > I recently fixed this in git master with > > 95e0d759ac7584d8e27240f11a4b51077b61929c > >
I don't see how it is a security issue, (and if your DC wants to own you, there are easier ways). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org