On Tue, 30 Sep 1997, John M. Rulnick wrote: > Thank you. Actually, I'm wondering if you could point me to the > *source* fixes for samba (assuming it is not just a Debian security > problem), since the information is to be passed on to a non-Debian > sysadmin.
Here is the original announcement: Xref: uchinews comp.os.linux.announce:8694 Path: uchinews!news.spss.com!uunet!in5.uu.net!news2.epix.net!cdc2.cdc.net!ais.net!newsfeed.internetmci.com!141.211.144.13!newsxfer3.itd.umich.edu!news1.best.com!uninett.no!news-stkh.gip.net!news.gsl.net!gip.net!news3.funet.fi!news.funet.fi!news.cs.hut.fi! news.clinet.fi!liw.clinet.fi!not-for-mail From: Andrew Tridgell <[EMAIL PROTECTED]> Newsgroups: comp.os.linux.announce Subject: SECURITY: Security bugfix for Samba Followup-To: comp.os.linux.misc Date: Fri, 26 Sep 1997 21:58:32 GMT Organization: none Lines: 59 Approved: [EMAIL PROTECTED] (Lars Wirzenius) Message-ID: <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] NNTP-Posting-Host: liw.clinet.fi NNTP-Posting-User: liw X-Server-Date: 26 Sep 1997 21:58:45 GMT Old-Date: Fri, 26 Sep 1997 23:40:47 +1000 X-No-Archive: yes X-Auth: PGPMoose V1.1 PGP comp.os.linux.announce iQBVAwUBNCwwFDiesvPHtqnBAQGqGgIAkwndoh2YjjAiVOCDs7bTdnPC0qmTk//L XtLkOqIRjHWZoohH3uA4jaKr3gz//42hFcFF/JyYef4OHx8HFn5bvg== =BLDy -----BEGIN PGP SIGNED MESSAGE----- Security bugfix for Samba ------------------------- A security hole in all versions of Samba has been recently discovered. The security hole allows unauthorized remote users to obtain root access on the Samba server. An exploit for this security hole has been posted to the internet so system administrators should assume that this hole is being actively exploited. The exploit for the security hole is very architecture specific and has been only demonstrated to work for Samba servers running on Intel based platforms. The exploit posted to the internet is specific to Intel Linux servers. It would be very difficult to produce an exploit for other architectures but it may be possible. A new release of Samba has now been made that fixes the security hole. The new release is version 1.9.17p2 and is available from ftp://samba.anu.edu.au/pub/samba/samba-1.9.17p2.tar.gz This release also adds a routine which logs a message if anyone attempts to take advantage of the security hole. The message (in the Samba log files) will look like this: ERROR: Invalid password length 999 you're machine may be under attack by a user exploiting an old bug Attack was from IP=aaa.bbb.ccc.ddd where aaa.bbb.ccc.ddd is the IP address of the machine performing the attack. Please report any attacks to the appropriate authority. The Samba Team [EMAIL PROTECTED] - -- This article has been digitally signed by the moderator, using PGP. http://www.iki.fi/liw/lars-public-key.asc has PGP key for validating signature. Send submissions for comp.os.linux.announce to: [EMAIL PROTECTED] PLEASE remember a short description of the software and the LOCATION. This group is archived at http://www.iki.fi/liw/linux/cola.html -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBNCwwD4QRll5MupLRAQF8TQQA2m+9WqUAVg/BAvc+Flfdjp0EpHUS++Ia wDj3LAkQeyexR7fTncvYevIgXCa7B4ZjA6SlH3pEe3UBV9sH+uAjXg2fIzt5YVvb fFbVnUwLCTFBxCt8sCjTV7QvLLpcO8fP2dWWFGpErY6y/v2boQM5t+JWCI4Ecy0e YIitrcRv5zk= =rcqW -----END PGP SIGNATURE----- Roy [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .