
Re: [SECURITY] [DSA 600-1] New samba packages fix arbitrary file access



Hi list,

  "Thu, 7 Oct 2004 09:45:17 +0200 (CEST)", "Martin Schulze"
  "[SECURITY] [DSA 600-1] New samba packages fix arbitrary file access"

>Package        : samba
>Vulnerability  : arbitrary file access
>Problem-Type   : remote
>Debian-specific: no
>CVE ID         : CAN-2004-0815

 This is the fix for the latest vulnerability, which was fixed in upstream
 version 2.2.12 (http://www.samba.org/samba/news/releases/#security_2.2.12),
 but how about the fix for the previous buffer overflow vulnerabilities
 (CAN-2004-0600, CAN-2004-0686)? I think those are more dangerous than the
 vulnerability fixed in DSA 600-1, because the DSA 600-1 issue can be
 avoided by editing smb.conf as a workaround.
 
 I saw the post in the BTS, but it seems to have been left since July...
 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=260838)


 Does anyone know about this issue?




-- 
Regards,

 Hideki Yamane <henrich @ samba.gr.jp/iijmio-mail.jp>
 Key fingerprint = 4555 82ED 38B6 C870 E099  388C 22ED 21CB C4C7 264B


