dugan at passwall.com
Wed Nov 27 07:38:56 PST 2002
For those of you who run and use Samba, a security hole was found in Samba
v2.2.x that permits carefully crafted passwords to exploit a buffer
overrun in the code during authentication. This is a hole, and is not
actively being exploited AFAIK.
You should upgrade your samba package soon, or if compiled by hand/using
an unsupported version of your distro, manually compile a new copy.
This kind of hole is perfect for worm-based attacks that auto-magically
spread from one host to another insecure host.
Most of the modern distros have had fixes and new packages for samba. You
should update now or risk future attacks. :-(
P.S. You can find many vendor notices on this on bugtraq at securityfocus
if you wish.