On Sun, 16 Mar 2003, Nir Livni wrote:

> I've read the announcement carefully.
> The announcement does not point to a specific threat in the samba code.
> It mentions that "This version of Samba adds explicit overrun and overflow
> checks on fragment re-assembly of SMB/CIFS packets to ensure that only valid
> re-assembly is performed by smbd."
>
> It also mentions that samba is highly vulnerable to attacks from an external
> network, and that
> 1. host based protection
> 2. interface protection
> 3. Using a firewall
> 4. Using an IPC$ share deny
> may reduce vulnerability to such attacks.
>
> There is no access to my samba servers from the internet, but I would like
> to know more about this security issue - especially, which source codes are
> involved. (SMB client code is currently no issue for me)
> Any list of affected source files would be appreciated.

How can we be sure that you are not a script-kiddie?

Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com