Samba 2.2.8 Security Update

I know this is a popular piece of software and I'm sure a lot of SGI users are running it ... be aware that there is a serious security hole in versions below 2.2.8.

SGI has posted a beta tardist online:

http://freeware.sgi.com/beta/fw_samba-2.2.8.tardist

There is also a tardist available direct from samba.org:

http://master.samba.org/samba/ftp/Binary_Packages/IRIX/samba65.2.2.8.tardist

I'm uncertain what differences, if any any, exist between the two distributions.

(14th Mar, 2003) Security Release - Samba 2.2.8

A flaw has been detected in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive. This is a serious problem and all sites should either upgrade to Samba 2.2.8 immediately or prohibit access to TCP ports 139 and 445.

See http://us1.samba.org/samba/samba.html for more details.

About this Entry

This page contains a single entry by nekonoko published on March 22, 2003 1:22 AM.

SGI Beta Updates was the previous entry in this blog.

Site Updates is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.