Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us


More on LinuxToday


Samba 2.2.8a Available for Download

Apr 07, 2003, 19:00 (1 Talkback[s])

[ Thanks to Vance Lankhaar for this link. ]

This release provides an important security fix outlined in the release notes that follow. This is the latest stable release of Samba and the version that all production Samba servers should be running for all current bug-fixes.

The source code can be downloaded from :

http://download.samba.org/samba/ftp/

in the file samba-2.2.8a.tar.gz or samba-2.2.8a.tar.bz2. Both archives have been signed using the Samba Distribution Key (available in the samba directory on the web server).

Binary packages will be released shortly for major platforms and can be found at

http://download.samba.org/samba/ftp/Binary_Packages/

As always, all bugs are our responsibility.

--Sincerely
The Samba Team

               ****************************************
               * IMPORTANT: Security bugfix for Samba *
               ****************************************


Summary
- -------

Digital Defense, Inc. has alerted the Samba Team to a serious
vulnerability in all stable versions of Samba currently shipping.
The Common Vulnerabilities and Exposures (CVE) project has assigned
the ID CAN-2003-0201 to this defect.

This vulnerability, if exploited correctly, leads to an anonymous
user gaining root access on a Samba serving system. All versions
of Samba up to and including Samba 2.2.8 are vulnerable. An active
exploit of the bug has been reported in the wild. Alpha versions of
Samba 3.0 and above are *NOT* vulnerable.


Credit
- ------

The Samba Team would like to thank Erik Parker and the team at
Digital Defense, Inc. for their efforts spent in the responsible
and timely reporting of this bug.


Patch Availability
- ------------------

The Samba 2.2.8a release contains only updates to address this
security issue. A roll-up patch for release 2.2.7a and 2.0.10
addressing both CAN-2003-0201 and CAN-2003-0085 can be obtained
from http://www.samba.org/samba/ftp/patches/security/.

Related Stories: