[Samba] Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...

W. D. WD at US-Webmasters.com
Fri Dec 14 16:37:10 GMT 2007


At 09:50 12/12/2007, Remko Lodder wrote:
>W. D. wrote:
>> At 02:01 12/12/2007, Remko Lodder wrote:
>>> W. D. wrote:
>>>> ...Vulnerability - CVE-2007-6015"
>>>>
>>>> http://www.freshports.org/net/samba3/
>>>>
>>>> ============================================================================
>>>> *samba3 3.0.26a_2,1* net <http://www.freshports.org/net/>
>>>> <http://www.freshports.org/faq.php#watchlistcount> =220
>>>>
>>>> <http://www.freshports.org/search.php?stype=depends_all&method=match&query=net/samba3>
>>>> FORBIDDEN: "Remote Code Execution Vulnerability - CVE-2007-6015"
>>>> IGNORE: is forbidden: "Remote Code Execution Vulnerability - CVE-2007-6015"
>>>> ============================================================================
>>>>
>>>> ============================================================================
>>>> 11 Dec 2007 22:39:55
>>>>   *3.0.26a_2,1* remko <mailto:remko at FreeBSD.org>
>>>>
>>>> <http://www.freshports.org/search.php?stype=committer&method=exact&query=remko>
>>>>
>>>> Make Samba forbidden till Timur had the time to upgrade this,
>>>> because
>>>> samba appears to be vulnerable to remote code execution which could harm
>>>> our users.
>>>>
>>>> This will be removed after we have a safe version to which we can
>>>> upgrade.
>>>>
>>>> Hat: secteam
>>>> Discussed with and requested by: timur
>>>>
>>>> ============================================================================
>>>>
>>>> Dang!  When will this be fixed?
>>>>
>>>>
>>> Soon, there are patches available, we just need to make sure that it
>>> doesn't bite anything while we are in a ports-slush, hence the FORBIDDEN
>>> part.
>>>
>>> Best regards,
>>> Remko
>> 
>> Hours?  Days?  Weeks?
>> 
>
>The freebsd port will be up to date as soon as possible, there are fixes
>available already on the Samba websites..
>
>Best regards,
>remko

Well, it's been 2 days now.  When will the code be updated
in the FreeBSD ports?  The version on the Samba website is
3.0.28.  (http://www.Samba.org/)  Why is the FreeBSD ports
version stuck at 3.0.26a_2,1?

If there are fixes available already on the Samba websites,
why can't they be integrated into the ports?

I need to get a fileserver going right away.  I would like
to use Samba.  Perhaps I should just load Windows on it?

It seems to me that leaving a port broken like this is
very "unprofessional".  I would expect more from the folks
maintaining FreeBSD.

When is it going to be fixed?  Does "soon" mean this century?
This year?  When?




