[Samba] CVE-2008-1105 - clarification request
Gerald (Jerry) Carter
jerry at samba.org
Fri Jun 6 18:49:15 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gustavo Homem wrote:
> Hi,
>
> The announcement states:
>
> "Secunia Research reported a vulnerability that allows for
> the execution of arbitrary code in smbd"
>
> Does this means arbitrary code executed "as root" ou as the user that is
> authenticaded after smdb drops privilegies?
Potentially either. smbd never drops privileges and can always
re-become root.
> Does this affect samba 2.x as well? What versions?
Technically affects Samba 2.2.4 and later. but Samba 2.2 is
reached EOL several years ago.
cheers, jerry
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFISYarIR7qMdg1EfYRAlRYAJ9H2r9BYLx0JTkyXWrgHJTTqNpCSACgzL9m
H+R/lv3EeG6Qfk4JISPTfIc=
=7wU+
-----END PGP SIGNATURE-----
More information about the samba
mailing list