[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 600-1] New samba packages fix arbitrary file access

Hi list,

  "Thu, 7 Oct 2004 09:45:17 +0200 (CEST)", "Martin Schulze"
  "[SECURITY] [DSA 600-1] New samba packages fix arbitrary file access"

>Package        : samba
>Vulnerability  : arbitrary file access
>Problem-Type   : remote
>Debian-specific: no
>CVE ID         : CAN-2004-0815

 This is the fix for latest vulnerability that fixed in upstream 
 version 2.2.12 (http://www.samba.org/samba/news/releases/#security_2.2.12),
 but how about the fix for previous buffer overflow vulnerabilities
 (CAN-2004-0600, CAN-2004-0686)? I think that is more danger than 
 fixed vulnerability in DSA 600-1, because this DSA 600-1 issue can
 avoid by editing smb.conf as workaround.
 I saw the post in BTS, but it seems to be left since July...  

 Does anyone know about this issue?


 Hideki Yamane <henrich @ samba.gr.jp/iijmio-mail.jp>
 Key fingerprint = 4555 82ED 38B6 C870 E099  388C 22ED 21CB C4C7 264B

Reply to: