Date: Wed, 26 May 2010 11:23:35 +0200 From: Thomas Biege <thomas@...e.de> To: Tomas Hoger <thoger@...hat.com> Cc: oss-security@...ts.openwall.com, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: Fwd: [Full-disclosure] stratsec Security Advisory SS-2010-005: Samba Multiple DoS Vulnerabilities Am Mittwoch 26 Mai 2010 09:46:44 schrieb Tomas Hoger: > On Tue, 25 May 2010 17:10:04 +0200 Thomas Biege wrote: > > So far no assignments were made, right? > > Do you have any public bug report with further details about these > flaws? I am just aware of this posting to FD. > According to our samba maintainers, this code is only executed > in per-connection smbd child and one can only DoS own connection. It > seems upstream has not handled this as security either. That would be good. One samba update less. Cheers, Thomas -- Thomas Biege <thomas@...e.de>, SUSE LINUX, Security Support & Auditing SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- Wer aufhoert besser werden zu wollen, hoert auf gut zu sein. -- Marie von Ebner-Eschenbach
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.