svn commit: samba-web r233 - trunk/history

deryck at samba.org deryck at samba.org
Mon Aug 9 03:47:21 GMT 2004


Author: deryck
Date: 2004-08-09 03:47:21 +0000 (Mon, 09 Aug 2004)
New Revision: 233
WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-web&path=/&rev=233&nolog=1
Log:
Remove page to allow svn mv of tmp page to main samba.org.
Removed:
   trunk/history/security.html

Changeset:
Deleted: trunk/history/security.html
===================================================================
--- trunk/history/security.html	2004-08-09 03:35:16 UTC (rev 232)
+++ trunk/history/security.html	2004-08-09 03:47:21 UTC (rev 233)
@@ -1,51 +0,0 @@
-<!--#include virtual="/samba/header.html" --> 
-  <title>Samba - Security Updates and Information</title>
-<!--#include virtual="header_history.html" -->
-
-<h2>Samba Security Releases</h2>
-
-<pre>
-<b>Samba 3.0.2a</b> -- security release for CVE ID <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0082">CAN-2004-0082</a>
-
-Previous versions of Samba 3.0 are susceptible to a password
-initialization bug that could grant an attacker unauthorized
-access to a user account created by the mksmbpasswd.sh shell
-script.
-
-Samba administrators not wishing to upgrade to the current
-version should download the 3.0.2 release, build the pdbedit
-tool, and run
-
-   root# pdbedit-3.0.2 --force-initialized-passwords
-
-This will disable all accounts not possessing a valid password
-(e.g. the password field has been set a string of X's).
-
-Samba servers running 3.0.2 are not vulnerable to this bug
-regardless of whether or not pdbedit has been used to sanitize
-the passdb backend.  For more info, see the <a href="/samba/whatsnew/samba-3.0.2a.html">release notes</a>.
-
-
-
-<b>Samba 2.2.8a</b> --  security release for CVE ID <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201">CAN-2003-0201</a>
-
-This vulnerability, if exploited correctly, leads to an anonymous 
-user gaining root access on a Samba serving system. All versions 
-of Samba up to and including Samba 2.2.8 are vulnerable. An 
-active exploit of the bug has been reported in the wild. Samba 3.0
-and above are *NOT* vulnerable.  For more info, see the <a href="/samba/whatsnew/samba-2.2.8.html">release notes</a>.
-
-
-
-<b>Samba 2.2.7a</b> -- security release for CVE ID <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201">CAN-2003-0201</a> & <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085">CAN-2003-0085</a>
-
-This corrects a vulnerability discovered in versions 2.2.2 through
-2.2.6 of Samba that could potentially allow an attacker to gain
-root access on the target machine.  The word "potentially" is used
-because there is no known exploit of this bug, and the Samba Team
-has not been able to craft one ourselves. However, the seriousness
-of the problem warranted the immediate 2.2.7 release.  See the
-<a href="/samba/whatsnew/samba-2.2.7a.html">release notes</a> for more info.
-
-</pre>
-<!--#include virtual="footer_history.html" -->
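
Review bot: the removal of trunk/history/security.html is committed as its own revision, so until the follow-up svn mv lands the tree has no security releases page; consider doing the delete and the move in a single commit so the advisory page is never absent. If the tmp page reuses this text, check a few things in the removed lines before it goes live: the 2.2.7a entry cites CAN-2003-0201, the same ID as the 2.2.8a entry; the 2.2.8a entry links to samba-2.2.8.html rather than a 2.2.8a page; the 2.2.7a text refers to "the immediate 2.2.7 release"; the 3.0.2a entry says servers "running 3.0.2" are not vulnerable; and the bare & between the two CVE links should be written as &amp;.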
