Re: [SECURITY] [DSA 600-1] New samba packages fix arbitrary file access
Hi list,
"Thu, 7 Oct 2004 09:45:17 +0200 (CEST)", "Martin Schulze"
"[SECURITY] [DSA 600-1] New samba packages fix arbitrary file access"
>Package : samba
>Vulnerability : arbitrary file access
>Problem-Type : remote
>Debian-specific: no
>CVE ID : CAN-2004-0815
This is the fix for the latest vulnerability, which was fixed in upstream
version 2.2.12 (http://www.samba.org/samba/news/releases/#security_2.2.12),
but how about the fix for the previous buffer overflow vulnerabilities
(CAN-2004-0600, CAN-2004-0686)? I think that is more dangerous than the
vulnerability fixed in DSA 600-1, because this DSA 600-1 issue can be
avoided by editing smb.conf as a workaround.
I saw the post in the BTS, but it seems to have been left since July...
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=260838)
Does anyone know about this issue?
--
Regards,
Hideki Yamane <henrich @ samba.gr.jp/iijmio-mail.jp>
Key fingerprint = 4555 82ED 38B6 C870 E099 388C 22ED 21CB C4C7 264B