Serious security hole in Samba
Hi,
a very serious security hole in Samba has been found and an exploit of it
has been posted to the Internet. The Samba team released a patch a couple
of hours after the hole was discovered.
The security hole allows anyone one to obtain root access to the Samba
server and it affects all Samba versions up to now. The exploit posted
to the Internet is for Linux on Intel and it's very cleaver.
I made Debian packages for this new Samba version (1.9.17p2) for both
libc5 and libc6 and if someone wants to place them in a public FTP/WWW
just let me know. I think an update should go definitely to 1.3.1
given the seriousness of the hole.
I have been unable to contact the Samba maintainer in the past when I tried
to give suggestions on how to compile Samba against glibc2 and other problems
with the Debian package. If he has no problem, I would be more than willing
to become the official maintainer for Samba. My reasons are that I use
Samba heavyly here at my company and I always read the Samba mailing lists
and I am making unofficial Debian packages for Samba anyways because
I have to be on the edge of Samba development and Debian packages for
Samba haven't been up to date lately :-)
E.-
--
Eloy A. Paris
Information Technology Department
Rockwell Automation de Venezuela
Telephone: +58-2-9432311 Fax: +58-2-9431645
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: