[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Vulnerability in Samba 2.2.10 and older
In message <20040830125157.GC21401@colwyn.zhadum.de>
on Mon, 30 Aug 2004 14:51:58 +0200,
Matthias Scheler <tron@NetBSD.org> wrote:
> On Mon, Aug 30, 2004 at 09:16:12PM +0900, Takahiro Kambe wrote:
> > > http://www.samba.org/samba/history/samba-2.2.11.html
> > ja-samba package already contains the relevant fix obtained from
> > diffing 2.2.10 and 2.2.11 as:
> >
> > net/ja-samba/patches/patch-aw
>
> That's good news. Can you please update the entry for this vulnerability
> in "localsrc/security/advisories/pkg-vulnerabilities"?
I didn't think the problem the security related problem since it would
crash forked smbd for the client and it wouldn't stop service for
other (none Windows XP SP2) clients; the problem is Windows XP SP2
clients only.
If it is worth adding as a pkg-vulnerabilities entry, what is the type
of exploit? (The security fix by Samba 2.2.10 is fixed by ja-samba
2.2.9.1.0nb1 package and it is already described in pkg-vulnerabilities.)
Best regards.
--
Takahiro Kambe <taca@back-street.net>