On Mon, 2003-03-17 at 11:01, Glynn S. Condez wrote:
> To all Slackware fans out there,
> you might check Samba buffer overflow
> security problem on Slackware 8.1

actually it's not only slackware that's affected. any distro running
samba-2.0.x to 2.2.7a is also affected. here's a snippet from samba's
website:
<snip>
* (14th Mar, 2003) Security Release - Samba 2.2.8
A flaw has been detected in the Samba main smbd code which could
allow an external attacker to remotely and anonymously gain Super User
(root) privileges on a server running a Samba server. This flaw exists
in previous versions of Samba from 2.0.x to 2.2.7a inclusive. This is a
serious problem and all sites should either upgrade to Samba 2.2.8
immediately or prohibit access to TCP ports 139 and 445. The Release
Notes are available on-line.
In addition to addressing this security issue, Samba 2.2.8
includes many unrelated improvements. These improvements result from our
process of continuous quality assurance and code review, and are part of
the Samba team's commitment to excellence.
The source tarballs are available in both gzip format and bzip2
format. The uncompressed tarball signature should also be downloaded to
verify the archive's integrity. Here is the Samba Distribution Key for
verifying the tarball. Finally, here is the patchfile against 2.2.7a
(signature).
<snip>
--
-JhAzEr-
GPG Key: 0xCEC3DFE7
Mobile: 0920-2625725
Slackware Linux 8.1
Gnome 2.2
"...And how can they say i never change,
they're the ones they're still the same."
--John Rzeznik
"Many of the things we cling to as truth,
mainly depend on our point of view."
--Obi Wan Kenobi
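
An added example, not part of the original message or of Samba's announcement: a small Python check that sorts version strings into the affected range quoted above (2.0.x to 2.2.7a inclusive, fixed in 2.2.8). The host names, the sample inventory and the "Version ..." banner format are assumptions made for illustration.

```python
import re

# Range stated in the quoted Samba announcement: 2.0.x through 2.2.7a
# inclusive are affected; 2.2.8 is the fixed release.
FIRST_AFFECTED = (2, 0, 0)
FIXED_IN = (2, 2, 8)

# Releases look like "2.2.7" or "2.2.7a"; test builds may carry a longer
# suffix such as "pre1". The suffix is captured separately from the numbers.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([A-Za-z][A-Za-z0-9]*)?")

# Constructed sample inventory: host -> version banner (assumed to look like
# `smbd -V` output) or package name. All names and entries are invented.
SAMPLE = {
    "fs1": "Version 2.2.7a",
    "fs2": "Version 2.2.8",
    "old": "samba-2.0.10",
    "lab": "Version 2.2.8pre1",
    "new": "Version 3.0.0",
}

def parse_version(text):
    """Extract ((major, minor, patch), suffix) from a banner or package name."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no Samba version found in %r" % text)
    return tuple(int(g) for g in m.groups()[:3]), (m.group(4) or "")

def classify(text):
    """Return 'affected', 'not-in-range' or 'unknown' for one version string."""
    try:
        number, suffix = parse_version(text)
    except ValueError:
        return "unknown"
    # A test build of the fixed version may predate the fix: review by hand.
    if number == FIXED_IN and len(suffix) > 1:
        return "unknown"
    if FIRST_AFFECTED <= number < FIXED_IN:
        return "affected"
    return "not-in-range"

def audit(inventory):
    """Classify every host in the inventory, in host-name order."""
    return {host: classify(banner) for host, banner in sorted(inventory.items())}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(host, verdict)
```

A version string does not show whether a distribution backported the fix into an older package, so an "affected" result is a prompt to check the vendor's package changelog.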
