:-) I guess my only proof could be Jeremy. Jeremy knows me a bit. I gave him a little help with one of the latest fixes in 2.2.8 (delete on close).
Appreciate your help,
Nir Livni

-----Original Message-----
From: Richard Sharpe [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 16, 2003 8:06 PM
To: Nir Livni
Cc: [EMAIL PROTECTED]
Subject: RE: Question - Latest security alert of samba

On Sun, 16 Mar 2003, Nir Livni wrote:

> I've read the announcement carefully.
> The announcement does not point to a specific threat in the samba code.
> It mentions that "This version of Samba adds explicit overrun and
> overflow checks on fragment re-assembly of SMB/CIFS packets to ensure
> that only valid re-assembly is performed by smbd."
>
> It also mentions that samba is highly vulnerable to attacks from an
> external network, and that
> 1. host based protection
> 2. interface protection
> 3. Using a firewall
> 4. Using an IPC$ share deny
> may reduce vulnerability to such attacks.
>
> There is no access to my samba servers from the internet, but I would
> like to know more about this security issue - especially, which source
> codes are involved. (SMB client code is currently no issue for me) Any
> list of affected source files would be appreciated.

How can we be sure that you are not a script-kiddie?

Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com