Samba Issue

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Apr 22 04:15:57 MDT 2010


On Thu, Apr 22, 2010 at 01:36:41AM +0000, Perez, Eugenio wrote:
> I was wondering if you have a patch available for the
> vulnerability mentioned below or maybe you can direct me
> to some site that can help to find the available patches
> that address these vulnerabilities:
> 
> Platforms: AIX, HP-UX, Solaris 9,10 and SuSE
> 
> Samba Versions affected: v 3.0.13, v 3.0.28, v 3.0.32,
> v3.0.34
> 
> Your help on this matter is greatly appreciated. Thank
> you in advance.
> 
> http://www.securityfocus.com/bid/36250/discuss
> 
> Samba 3.x Multiple Unspecified Remote Vulnerabilities
> 
> Samba is prone to multiple unspecified remote
> vulnerabilities, including:

We are very sorry but we can not. We have tried really hard
to get more information about the vulnerabilities Intevydis
claims in their announcements. But it is not possible to get
any information about them without signing a very strict
contract with that company which prevents the people having
access to their information from providing us (the Samba Team)
with sufficient information to fix the issues.

Believe us, this situation is very, very uncomfortable for
us but the Intevydis policy to us seems to have the primary
goal to keep those vulnerabilities open for as long as
possible, thus to force people to enter contracts with them.

We have looked over the list they posted once on their
website, and some of the vulnerabilities they claim look
very similar to problems we have fixed in later releases,
but we can not be sure because the information they publish
is very sparse.

Older versions of Samba do have known vulnerabilities,
please see http://www.samba.org/samba/history/security.html
for a timeline of our security fixes.

For the current versions of Samba, 3.5.2, 3.4.7, 3.3.12,
3.2.15 and 3.0.37 we are not aware of any security issues.

If you have any more information about any vulnerability,
please contact us at security at samba.org. We will do our very
best to fix this as soon as possible!

Thanks,

Volker


More information about the samba-technical mailing list