[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Samba symlink 0day flaw
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-02-05 18:51:37
Message-ID: 721400777.1212531265395897361.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

As many of you have probably seen, there was a supposed Samba 0day flaw
posted to full-disclosure and youtube.

Samba has a response to this:
http://marc.info/?l=samba-technical&m=126539387432412&w=2

I'm not sure if this should get a CVE id. It is documented behavior.
Somewhat unexpected though. I think changing the default is the right way
to go, but it may be more of a hardening measure than a security fix.

Thoughts Steve?

Thanks.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic