Re: [Full-Disclosure] [secure@security.sfbay.sun.com: Re: Samba version numbers]
From: Len Rose (len_at_netsys.com)
Date: 07/30/03
- Previous message: Darren Bennett: "Re: [Full-Disclosure] Avoiding being a good admin - was DCOM RPCexploit (dcom.c)"
- In reply to: Len Rose: "[Full-Disclosure] [secure@security.sfbay.sun.com: Re: Samba version numbers]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com Date: Tue, 29 Jul 2003 21:44:13 -0400
Actually Sun was right and I was wrong, they later contacted me
and pointed out the issues were valid for Samba prior to 2.2.8a.
Len
> ----- Forwarded message from Sun Security Coordination Team <secure@security.sfbay.sun.com> -----
> From: Sun Security Coordination Team <secure@security.sfbay.sun.com>
> Message-Id: <200307291649.h6TGnmh19367@security.sfbay.sun.com>
> Subject: Re: Samba version numbers
> To: len@netsys.com
> Date: Tue, 29 Jul 2003 09:49:48 -0700 (PDT)
> Reply-To: security-alert@sun.com
> X-Mailer: ELM [version 2.4ME+ PL61 (25)]
> MIME-Version: 1.0
> Content-Type: text/plain; charset=US-ASCII
> Content-Transfer-Encoding: 7bit
>
> Hello Len,
>
> > Hi.. as far as I know there is a mistake in:
> >
> > Security Vulnerability in Samba(7) Versions 2.2.2 Through 2.2.8 May Allow
> > Remote User Unauthorized Privileges
> > http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F53581&zone_32=category%3Asecurity
> >
> > It should be 2.2.2 through 2.2.7a
> >
>
> Thanks for notifying us about this. You are correct. We will make the
> changes though it will probably take a few days to filter through the
> system.
>
> Best regards,
> Sun Security Coordination Team
> security-alert@sun.com
>
> ----- End forwarded message -----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
