[679] in linux-security and linux-alert archive
[linux-security] Re: Alinux-securityA samba security hole...
daemon@ATHENA.MIT.EDU (Andrew Tridgell)
Sat Apr 20 12:34:57 1996
Date: Fri, 19 Apr 1996 12:20:03 +1000
From: Andrew Tridgell <tridge@cs.anu.edu.au>
To: linux-security@tarsier.cv.nrao.edu
In-reply-to: <Pine.LNX.3.91.960416185137.4772B-100000@jessi.indstate.edu>
(message from Earth Fire Wind Water on Tue, 16 Apr 1996 18:53:21 -0500
(CDT))
Reply-to: Andrew.Tridgell@anu.edu.au
> From: Earth Fire Wind Water <hawk@jessi.indstate.edu>
>
> I know this might not be a good place to ask this but I have heard of a
> rumour of a big security hole with samba... is there any truth to this
> and if so can someone point me to look for documentation on this?
It turns out that this rumour originated from a magazine article. It
almost certainly was one of the bunch of magazine articles on the
microsoft windows "cd ..." bug which can be exploited using
smbclient. Smbclient comes with samba.
The microsoft PR people managed to twist their announcement of this
bug to make it sound like a samba bug. I have subsequently received
apologies from senior MS people.
If you are interested in this bug or other related bugs have a look at
http://samba.canberra.edu.au/pub/samba
If anyone knows of any real security holes in samba then please let me
know. I try to be very careful about security issues in samba.
Andrew
