Re: [SECURITY] [DSA-200-1] Samba buffer overflow
On Saturday 23 November 2002 05:21, Wichert Akkerman wrote:
> Package : samba
> Problem type : remote exploit
> Debian-specific: no
> Steve Langasek found an exploitable bug in the password handling
> code in samba: when converting from DOS code-page to little endian
> UCS2 unicode a buffer length was not checked and a buffer could
> be overflowed. There is no known exploit for this, but an upgrade
> is strongly recommended.
> This problem has been fixed in version 2.2.3a-12 of the Debian
> samba packages and upstream version 2.2.7.
Hmm, from the version numbers (2.2.3a-6 to 2.2.3a-12) and changelog
entries since the version in stable it looks as if this upgrade does a
little more than just fix the security problem. Whatever happened to
just backporting the security fix?
GnuPG key: 91114EAF/C3E1 2D40 C7CC AEB2 FB15 8BDF 60C2 5B3F 9111 4EAF
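The bug class named in the quoted advisory (a DOS code-page to little-endian UCS2 conversion with no check on the buffer length), shown as an added example that is not part of the original message and is not Samba's code. The names `cp_to_ucs2le` and `demo`, the identity code-page table and the 16-byte field are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: convert a NUL-terminated single-byte (DOS code-page)
 * string to little-endian UCS-2 without writing past dst_bytes.
 * map[] is the code-page table (input byte -> UCS-2 code unit).
 * Returns bytes written including the 2-byte terminator, or 0 when the
 * destination is too small (dst is then set to an empty string if possible). */
size_t cp_to_ucs2le(uint8_t *dst, size_t dst_bytes,
                    const char *src, const uint16_t map[256])
{
    size_t n = strlen(src);

    /* Every input byte becomes two output bytes, plus a two-byte terminator.
     * Comparing n against (dst_bytes - 2) / 2 avoids any overflowing multiply. */
    if (dst_bytes < 2 || n > (dst_bytes - 2) / 2) {
        if (dst_bytes >= 2)
            dst[0] = dst[1] = 0;
        return 0;
    }
    for (size_t i = 0; i < n; i++) {
        uint16_t u = map[(uint8_t)src[i]];
        dst[2 * i]     = (uint8_t)(u & 0xff);  /* low byte first: little endian */
        dst[2 * i + 1] = (uint8_t)(u >> 8);
    }
    dst[2 * n] = dst[2 * n + 1] = 0;
    return 2 * n + 2;
}

/* Constructed demo: convert pw into a 16-byte field followed by 4 canary
 * bytes. Returns bytes written, or -1 if anything past the field changed. */
long demo(const char *pw)
{
    uint16_t map[256];
    uint8_t buf[16 + 4];
    for (int i = 0; i < 256; i++) map[i] = (uint16_t)i;  /* identity table */
    memset(buf, 0xAA, sizeof buf);
    size_t written = cp_to_ucs2le(buf, 16, pw, map);
    for (int i = 16; i < 20; i++)
        if (buf[i] != 0xAA) return -1;
    return (long)written;
}

int main(void)
{
    printf("%ld %ld %ld\n", demo("secret"), demo("1234567"), demo("12345678"));
    return 0;
}
```

The size check counts output bytes rather than input characters: an input that fits the field as single-byte text needs twice that space, plus the terminator, once converted.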