Date: Wed, 19 Mar 2003 17:18:27 +1100 From: Peter Jeremy <peterjeremy@optushome.com.au> To: "Nikolaj I. Potanin" <nikolaj@drweb.ru> Cc: security@FreeBSD.ORG Subject: Re: Samba vulnerability Message-ID: <20030319061826.GA4238@cirb503493.alcatel.com.au> In-Reply-To: <3E774C85.902@drweb.ru> References: <20030318143759.GA77729@nevermind.kiev.ua> <3E774C85.902@drweb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 18, 2003 at 07:42:45PM +0300, Nikolaj I. Potanin wrote: >>A flaw has been detected in the Samba main smbd code which could allow >>an external attacker to remotely and anonymously gain Super User (root) > ^^^^^^^^^^^^^^^^^ > >Does anyone here have smbd bound to an external interface? ;-) I read this as "external to the Samba server" - which covers everyone who installs Samba in a usable system. If you read it as an Internet accessible server then this is a lot risker - but remember that some people offer NFS across the Internet so it's within the realm of possibility that someone would want to offer Samba on the Internet. Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030319061826.GA4238>