Linux Today: Linux News On Internet Time.

More on LinuxToday

Samba 2.2.8a Available for Download

Apr 07, 2003, 19:00 (1 Talkback[s])

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >

[ Thanks to Vance Lankhaar for this link. ]

This release provides an important security fix outlined in the release notes that follow. This is the latest stable release of Samba and the version that all production Samba servers should be running for all current bug-fixes.

The source code can be downloaded from :

in the file samba-2.2.8a.tar.gz or samba-2.2.8a.tar.bz2. Both archives have been signed using the Samba Distribution Key (available in the samba directory on the web server).

Binary packages will be released shortly for major platforms and can be found at

As always, all bugs are our responsibility.

The Samba Team

               * IMPORTANT: Security bugfix for Samba *

- -------

Digital Defense, Inc. has alerted the Samba Team to a serious
vulnerability in all stable versions of Samba currently shipping.
The Common Vulnerabilities and Exposures (CVE) project has assigned
the ID CAN-2003-0201 to this defect.

This vulnerability, if exploited correctly, leads to an anonymous
user gaining root access on a Samba serving system. All versions
of Samba up to and including Samba 2.2.8 are vulnerable. An active
exploit of the bug has been reported in the wild. Alpha versions of
Samba 3.0 and above are *NOT* vulnerable.

- ------

The Samba Team would like to thank Erik Parker and the team at
Digital Defense, Inc. for their efforts spent in the responsible
and timely reporting of this bug.

Patch Availability
- ------------------

The Samba 2.2.8a release contains only updates to address this
security issue. A roll-up patch for release 2.2.7a and 2.0.10
addressing both CAN-2003-0201 and CAN-2003-0085 can be obtained

Related Stories: