oss-sec mailing list archives
Re: Samba symlink 0day flaw
From: Simo Sorce <ssorce () redhat com>
Date: Fri, 5 Feb 2010 16:43:35 -0500
On Fri, 5 Feb 2010 22:05:30 +0100 Nico Golde <oss-security+ml () ngolde de> wrote:
> Hey,
> * Josh Bressers <bressers () redhat com> [2010-02-05 20:11]:
> > As many of you have probably seen, there was a supposed Samba 0day flaw posted to full-disclosure and youtube. Samba has a response to this:
> > http://marc.info/?l=samba-technical&m=126539387432412&w=2
> >
> > I'm not sure if this should get a CVE id. It is documented behavior. Somewhat unexpected though. I think changing the default is the right way to go, but it may be more of a hardening measure than a security fix.
> >
> > Thoughts Steve?
>
> Given the count of users that are probably affected by this and it not being documented in e.g. man 5 smb.conf I'd vote for yes! :)
>
> Cheers
> Nico

Sorry, not clear what would not be documented in smb.conf?

Simo.

--
Simo Sorce * Red Hat, Inc * New York