[linux-cifs-client] security risk
Jeff Layton
jlayton at samba.org
Fri May 1 13:21:14 GMT 2009
On Fri, 1 May 2009 08:57:00 -0400
daniel.r.martin at us.hsbc.com wrote:
>
> Hello All,
> We ran a vulnerability test on our Linux box, and found a possible
> security risk with the version of samba we are running, 3.0.21b. The
> reason for using this version of Samba is because it is approved by IBM for
> use with Clear-Case. I have a request with IBM to support version of Samba
> that fixes the :Samba NDR MS-RPC Request Heap-Based Buffer Overflow
> Vulnerability" that was detected. If this issue has been resolved, can
> you please let me know which version of Samba it was fixed, and the
> bugzilla number associated with it. The information will help IBM
> determine if they are already working on support for that version of Samba,
> or if they have a request to fix the problem.
>
Hi Dan,
This mailing list is for the in-kernel Linux CIFS client. You're
probably better off asking this question on samba at lists.samba.org.
--
Jeff Layton <jlayton at samba.org>
More information about the linux-cifs-client
mailing list