[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Vulnerability in Samba 2.2.10 and older

In message <20040830125157.GC21401@colwyn.zhadum.de>
	on Mon, 30 Aug 2004 14:51:58 +0200,
	Matthias Scheler <tron@NetBSD.org> wrote:
> On Mon, Aug 30, 2004 at 09:16:12PM +0900, Takahiro Kambe wrote:
> > > http://www.samba.org/samba/history/samba-2.2.11.html
> > ja-samba package already contains the relevant fix obtained from
> > diffing 2.2.10 and 2.2.11 as:
> > 
> >        net/ja-samba/patches/patch-aw
> That's good news. Can you please update the entry for this vulnerability
> in "localsrc/security/advisories/pkg-vulnerabilities"?
I didn't think the problem the security related problem since it would
crash forked smbd for the client and it wouldn't stop service for
other (none Windows XP SP2) clients; the problem is Windows XP SP2
clients only.

If it is worth adding as a pkg-vulnerabilities entry, what is the type
of exploit?  (The security fix by Samba 2.2.10 is fixed by ja-samba package and it is already described in pkg-vulnerabilities.)

Best regards.

Takahiro Kambe <taca@back-street.net>