[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Samba symlink 0day flaw
From:       Ludwig Nussel <ludwig.nussel () suse ! de>
Date:       2010-03-05 7:56:16
Message-ID: 201003050856.16793.ludwig.nussel () suse ! de
[Download RAW message or body]

Josh Bressers wrote:
> As many of you have probably seen, there was a supposed Samba 0day flaw
> posted to full-disclosure and youtube.
> 
> Samba has a response to this:
> http://marc.info/?l=samba-technical&m=126539387432412&w=2
> 
> I'm not sure if this should get a CVE id. It is documented behavior.
> Somewhat unexpected though. I think changing the default is the right way
> to go, but it may be more of a hardening measure than a security fix.
> 
> Thoughts Steve?

Any update on this? I think unexpected insecure default
configurations that surprise admins did get CVE numbers in the past.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic