Date: Fri, 5 Feb 2010 16:43:35 -0500
From: Simo Sorce <ssorce@...hat.com>
To: Nico Golde <oss-security+ml@...lde.de>
Cc: oss-security@...ts.openwall.com, coley <coley@...re.org>
Subject: Re: Samba symlink 0day flaw
On Fri, 5 Feb 2010 22:05:30 +0100
Nico Golde <oss-security+ml@...lde.de> wrote:
> Hey,
> * Josh Bressers <bressers@...hat.com> [2010-02-05 20:11]:
> > As many of you have probably seen, there was a supposed Samba 0day
> > flaw posted to full-disclosure and youtube.
> >
> > Samba has a response to this:
> > http://marc.info/?l=samba-technical&m=126539387432412&w=2
> >
> > I'm not sure if this should get a CVE id. It is documented behavior.
> > Somewhat unexpected though. I think changing the default is the
> > right way to go, but it may be more of a hardening measure than a
> > security fix.
> >
> > Thoughts Steve?
>
> Given the count of users that are probably affected by this and it
> not being documented in e.g. man 5 smb.conf I'd vote for yes! :)
>
> Cheers
> Nico
Sorry, not clear what would not be documented in smb.conf?
Simo.
--
Simo Sorce * Red Hat, Inc * New York