[1819] in SIPB_Linux_Development
Re: Subject: workaround for Samba bug described by ADM
daemon@ATHENA.MIT.EDU (Kevin 'Bob' Fu)
Mon Sep 29 17:10:21 1997
To: linux-dev@MIT.EDU
Cc: efoo@MIT.EDU, mhpower@MIT.EDU
Date: Mon, 29 Sep 1997 17:10:00 EDT
From: "Kevin 'Bob' Fu" <fubob@MIT.EDU>

Several dorm Linux boxes were compromised this weekend as a result of
the Samba buffer overflow problem. Since most users will probably not
patch the code on their own, does anyone object to sending this to
linux-announce:

Security bugfix for Samba
-------------------------

A security hole in all versions of Samba has been recently discovered.
Several Resnet Linux boxes were compromised this weekend as a result.
The security hole allows unauthorized remote users to obtain root
access on the Samba server.

If you run Red Hat Linux, you might run Samba ("ps aux | grep smbd" to
check). Until the RPM is updated, I suggest doing this as root:

    rm /etc/rc.d/rc?.d/S??smb*

This will turn off the automatic running of Samba daemons.
Reboot, and you should be safer. Make sure smbd and nmbd are no
longer running.

<attach Andrew Tridgell's bugtraq announcement here>

--------
Kevin E. Fu aka Bob the BobOp Athena OLC/RCC
PGP key: finger fubob@snafu.mit.edu SIPB Member
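
A check that the workaround in the message above took effect, as an added example that is not part of the original message. The function names are hypothetical, and /etc/rc.d is assumed as the default only because it is the path the message uses.

```shell
#!/bin/sh
# Added example (not from the original message): confirm that Samba is off.
# Function names are hypothetical; /etc/rc.d is the path used in the message.

# Print every Samba start link left under the rc.d tree given as $1.
samba_start_links() {
    rc_base=${1:-/etc/rc.d}
    for link in "$rc_base"/rc?.d/S??smb*; do
        # An unmatched glob is passed through literally; skip it.
        # -L also catches a dangling link whose target was removed.
        [ -e "$link" ] || [ -L "$link" ] || continue
        printf '%s\n' "$link"
    done
}

# Read "PID COMMAND" lines (ps -e -o pid= -o comm=) on stdin and print the
# smbd/nmbd entries. Matching the command name exactly avoids the false hit
# that "ps aux | grep smbd" gets from the grep process itself.
samba_procs() {
    awk '$2 == "smbd" || $2 == "nmbd" { print $1, $2 }'
}

# Return 0 only if no start link remains and neither daemon is running.
# $2 (optional) is captured ps output, so the check can be run on saved data.
samba_disabled() {
    rc_base=${1:-/etc/rc.d}
    ps_lines=${2-$(ps -e -o pid= -o comm=)}
    links=$(samba_start_links "$rc_base")
    procs=$(printf '%s\n' "$ps_lines" | samba_procs)
    if [ -n "$links" ]; then printf 'start link still present:\n%s\n' "$links"; fi
    if [ -n "$procs" ]; then printf 'daemon still running:\n%s\n' "$procs"; fi
    [ -z "$links" ] && [ -z "$procs" ]
}

# Run the check against the live system when invoked with --check.
if [ "${1:-}" = "--check" ]; then
    if samba_disabled; then echo "Samba is off"; else exit 1; fi
fi
```

Removing the start links only affects the next boot, which is why the check looks at both the links and the running processes.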