SECUR> Samba flaw threatens Linux file servers

  • From: Gleason Sackmann <gleason@xxxxxxxxxxxxxxx>
  • To: NetHappenings <nethappenings@xxxxxxxxxxxxx>
  • Date: Wed, 09 Apr 2003 08:30:00 -0500

**************************************************************
Net Happenings - From Educational CyberPlayGround
**************************************************************

Samba flaw threatens Linux file servers
The Samba Team has released a patch for a security flaw which would allow
an attacker to gain root access to a Samba server connected to the
Internet. Samba is a popular application for sharing Windows files over
Unix-type systems. The vulnerability has already been exploited against
several servers. The flaw is in the Linux, FreeBSD, and Solaris versions of
Samba. The flaw was discovered by Digital Defense, which inadvertently
included a Perl script that exploits the vulnerability in its advisory. This
flaw is unrelated to another flaw that Samba released a patch for on March 17, 2003.

http://news.com.com/2100-1002-995834.html


Security firm regrets Samba disclosure
Digital Defense, a cybersecurity firm based in San Antonio, Texas, has
apologized for publishing code to exploit a recently discovered
vulnerability in Samba, a utility for sharing Windows files over Unix-based
systems. Digital Defense states that management did not approve the
release, and that the company "has taken aggressive procedural and policy
measures to reduce the likelihood of a similar recurrence." One of the
analysts, Eric Parker, has been up-front about his role in the matter, and
explained that his team made the decision since the vulnerability had
already been exploited. Andrew Tridgell, author of Samba and joint head of
the Samba Team, was outraged: Digital Defense sent a draft advisory without
the exploit to the Samba Team for approval, then published it with the exploit.

http://news.com.com/2100-1002-995939.html
