[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Installed samba 2.2.2-11 (i386 source all)



On Tue, Jan 22, 2002 at 03:08:52PM -0500, Eloy A. Paris wrote:
> Urgency: low
...
>    * smbmount in the smbfs package does not have the setuid bit set.
>      Apparently, smbmount uses libsmb without checking the environment.
>      Thanks to Christian Jaeger <christian.jaeger@sl.ethz.ch> for
>      finding the local root exploit.

Urgency: low is inappropriate for an upload fixing a root exploit.
The version in testing is sill vulnerable.

Why wasn't the vulnerability even announced publically other than
in this changelog?



Reply to: