I just ran into this:
(14th Mar, 2003) Security Release - Samba 2.2.8 A flaw has been detected in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive. This is a serious problem and all sites should either upgrade to Samba 2.2.8 immediately or prohibit access to TCP ports 139 and 445. The Release Notes are available on-line. In addition to addressing this security issue, Samba 2.2.8 includes many unrelated improvements. These improvements result from our process of continuous quality assurance and code review, and are part of the Samba team's committment to excellence. Guess that they learned more from Microsoft than just the SMB interface ;-> -------------------------------------------------------------------- Lionel B. Dyck, Systems Software Lead Kaiser Permanente Information Technology 25 N. Via Monte Ave Walnut Creek, Ca 94598 Phone: (925) 926-5332 (tie line 8/473-5332) E-Mail: [EMAIL PROTECTED] Sametime: (use Lotus Notes address) AIM: lbdyck
