Upgrade samba...

ME dugan at passwall.com
Wed Nov 27 07:38:56 PST 2002

For those of you who run and use Samba, a security hole was found in Samba
v2.2.x thaty permits carefully crafted passwords to exploit a buffer
overrun in the code during authentication. This is a hole, and is not
actively bein exploited AFAIK.

You should upgrade you samba package soon, or if compiled by hand/using
unsupported version of your distro, manually compile a new copy.

This kind of hole is perfect for worm-based attacks that auto-magically
spread from one hold to another insecure host.

Most of the modern distros have had fixes and new packages for samba. You
should update now or risk future attacks. :-(


P.S. You can find many vendor notices on this on bugtraq at securityfocus
if you wish.

More information about the talk mailing list