
List:       oss-security
Subject:    Re: [oss-security] Samba symlink 0day flaw
From:       Nico Golde <oss-security+ml () ngolde ! de>
Date:       2010-02-05 21:05:30
Message-ID: 20100205210530.GP30053 () ngolde ! de


Hey,
* Josh Bressers <bressers@redhat.com> [2010-02-05 20:11]:
> As many of you have probably seen, there was a supposed Samba 0day flaw
> posted to full-disclosure and youtube.
> 
> Samba has a response to this:
> http://marc.info/?l=samba-technical&m=126539387432412&w=2
> 
> I'm not sure if this should get a CVE id. It is documented behavior.
> Somewhat unexpected though. I think changing the default is the right way
> to go, but it may be more of a hardening measure than a security fix.
> 
> Thoughts Steve?

Given the count of users that are probably affected by this and it not being 
documented in e.g. man 5 smb.conf I'd vote for yes! :)

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
