[linux-cifs-client] security risk

daniel.r.martin at us.hsbc.com daniel.r.martin at us.hsbc.com
Fri May 1 12:57:00 GMT 2009


Hello All,
      We ran a vulnerability test on our Linux box, and found a possible
security risk with the version of samba we are running, 3.0.21b.  The
reason for using this version of Samba is because it is approved by IBM for
use with Clear-Case.  I have a request with IBM to support version of Samba
that fixes the :Samba NDR MS-RPC Request Heap-Based Buffer Overflow
Vulnerability"  that was detected.  If this issue has been resolved, can
you please let me know which version of  Samba it was fixed, and the
bugzilla number associated with it.  The information will help IBM
determine if they are already working on support for that version of Samba,
or if they have a request to fix the problem.

thanks
Daniel R. Martin

=============================================
Development Support, IT Engineering - Quality, US
Global Banking & Markets
NY Office : (646)344-3148
Cell     :  (917) 559 2713
Email: SCM_NY
=============================================

-----------------------------------------
******************************************************************
This E-mail is confidential. It may also be legally privileged. If
you are not the addressee you may not copy, forward, disclose or
use any part of it. If you have received this message in error,
please delete it and all copies from your system and notify the
sender immediately by return E-mail.

Internet communications cannot be guaranteed to be timely, secure,
error or virus-free. The sender does not accept liability for any
errors or omissions.
******************************************************************
SAVE PAPER - THINK BEFORE YOU PRINT!


More information about the linux-cifs-client mailing list