[Samba]
Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote
Code Execution...
W. D.
WD at US-Webmasters.com
Fri Dec 14 16:37:10 GMT 2007
At 09:50 12/12/2007, Remko Lodder wrote:
>W. D. wrote:
>> At 02:01 12/12/2007, Remko Lodder wrote:
>>> W. D. wrote:
>>>> ...Vulnerability - CVE-2007-6015"
>>>>
>>>> http://www.freshports.org/net/samba3/
>>>>
>>>>
>============================================================================
>>>> *samba3 3.0.26a_2,1* net <http://www.freshports.org/net/>
>>>> <http://www.freshports.org/faq.php#watchlistcount> =220
>>>>
>>>
><http://www.freshports.org/search.php?stype=depends_all&method=match&q>>uery=net/samba3>
>>>> FORBIDDEN: "Remote Code Execution Vulnerability - CVE-2007-6015"
>>>> IGNORE: is forbidden: "Remote Code Execution Vulnerability - CVE-2007-6015"
>>>>
>============================================================================
>>>>
>>>>
>============================================================================
>>>> 11 Dec 2007 22:39:55
>>>> *3.0.26a_2,1* remko <mailto:remko at FreeBSD.org>
>>>>
>>>
><http://www.freshports.org/search.php?stype=committer&method=exact&query=remko>
>>>>
>>>> Make Samba forbidden till Timur had the time to upgrade this,
>>>> because
>>>> samba appears to be vulnerable to remote code execution which could harm
>>>> our users.
>>>>
>>>> This will be removed after we have a safe version to which we can
>>>> upgrade.
>>>>
>>>> Hat:
>>>> secteam
>>>> Discussed with and requested
>>>> by: timur
>>>>
>>>>
>============================================================================
>>>>
>>>> Dang! When will this be fixed?
>>>>
>>>>
>>> Soon, there are patches available, we just need to make sure that it
>>> doesn't bite anything while we are in a ports-slush, hence the FORBIDDEN
>>> part.
>>>
>>> Best regards,
>>> Remko
>>
>> Hours? Days? Weeks?
>>
>
>The freebsd port will be up to date as soon as possible, there are fixes
>available already on the Samba websites..
>
>Best regards,
>remko
Well, it's been 2 days now. When will the code be updated
in the FreeBSD ports? The version on the Samba website is
3.0.28. (http://www.Samba.org/) Why is the FreeBSD ports
version stuck at 3.0.26a_2,1?
If there are fixes available already on the Samba websites,
why can't they be integrated into the ports?
I neet to get a fileserver going right away. I would like
to use Samba. Perhaps I should just load Windows on it?
It seems to me that leaving a port broken like this is
very "unprofessional". I would expect more from the folks
maintaing FreeBSD.
When is it going to be fixed? Does "soon" mean this century?
This year? When?
Start Here to Find It Fast! -> http://www.US-Webmasters.com/best-start-page/
$8.77 Domain Names -> http://domains.us-webmasters.com/
More information about the samba
mailing list