[Pkg-samba-maint] Bug#568493: Bug#568493: samba: zero-day remote access exploit

Christian PERRIER bubulle at debian.org
Sat Feb 6 11:14:58 UTC 2010


Quoting Michael Gilbert (michael.s.gilbert at gmail.com):

> no, if you watch the video closely (also see [0]), you can see that they
> have read access to pretty much any file on the system
> (i.e. /etc/passwd) and write access to any location writable by the
> account they connect under. 
> 
> > That's a bug, it should be fixed, but its impact isn't release-critical.
> 
> it's your call, but i disagree.

In such a case, I think we should let upstream do their job and
investigate/discuss the issue... which is what happened when Jeremy
posted to samba at lists.samba.org yesterday.

So, imho, the bug report was a little bit premature(en?) as I think
we've already confirmed that we follow upstream development closely enough.

As of now, I understand that the planned fix is to disable wide links
by default. In such a case, I don't see much more action to take in
Debian. In particular, I'm unsure about fixing lenny.

