Re: Installed samba 2.2.2-11 (i386 source all)
On Tue, Jan 22, 2002 at 03:08:52PM -0500, Eloy A. Paris wrote:
> Urgency: low
...
> * smbmount in the smbfs package does not have the setuid bit set.
> Apparently, smbmount uses libsmb without checking the environment.
> Thanks to Christian Jaeger <christian.jaeger@sl.ethz.ch> for
> finding the local root exploit.
Urgency: low is inappropriate for an upload fixing a root exploit.
The version in testing is sill vulnerable.
Why wasn't the vulnerability even announced publically other than
in this changelog?
Reply to: