[Samba] Re: [SECURITY] Samba 2.2.8a security available for download

Herbert Lewis herb at sgi.com
Mon Apr 7 14:21:29 GMT 2003


IRIX binaries have been uploaded to samba.org and will soon be available
on the mirror sites.


"Gerald (Jerry) Carter" wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> This release provides an important security fix outlined in the
> release notes that follow. This is the latest stable release of
> Samba and the version that all production Samba servers should be
> running for all current bug-fixes.
> 
> The source code can be downloaded from :
> 
>     http://download.samba.org/samba/ftp/
> 
> in the file samba-2.2.8a.tar.gz or samba-2.2.8a.tar.bz2.
> Both archives have been signed using the Samba Distribution Key
> (available in the samba directory on the web server).
> 
> Binary packages will be released shortly for major platforms and
> can be found at
> 
>     http://download.samba.org/samba/ftp/Binary_Packages/
> 
> As always, all bugs are our responsibility.
> 
>                            --Sincerely
>                            The Samba Team
> 
>                ****************************************
>                * IMPORTANT: Security bugfix for Samba *
>                ****************************************
> 
> Summary
> - -------
> 
> Digital Defense, Inc. has alerted the Samba Team to a serious
> vulnerability in all stable versions of Samba currently shipping.
> The Common Vulnerabilities and Exposures (CVE) project has assigned
> the ID CAN-2003-0201 to this defect.
> 
> This vulnerability, if exploited correctly, leads to an anonymous
> user gaining root access on a Samba serving system. All versions
> of Samba up to and including Samba 2.2.8 are vulnerable. An active
> exploit of the bug has been reported in the wild. Alpha versions of
> Samba 3.0 and above are *NOT* vulnerable.
> 
> Credit
> - ------
> 
> The Samba Team would like to thank Erik Parker and the team at
> Digital Defense, Inc. for their efforts spent in the responsible
> and timely reporting of this bug.
> 
> Patch Availability
> - ------------------
> 
> The Samba 2.2.8a release contains only updates to address this
> security issue. A roll-up patch for release 2.2.7a and 2.0.10
> addressing both CAN-2003-0201 and CAN-2003-0085 can be obtained
> from http://www.samba.org/samba/ftp/patches/security/.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.0 (GNU/Linux)
> Comment: For info see http://quantumlab.net/pine_privacy_guard/
> 
> iD8DBQE+kWjmIR7qMdg1EfYRAgJXAKCFXWq0lMKStlsIXBZohdqJQnzmQQCgnmgx
> S0bz5z81vQCQMkKFzENtXpU=
> =1LJQ
> -----END PGP SIGNATURE-----