:-)
I guess my only proof could be Jeremy.
Jeremy knows me a bit.
I gave him a little help with one of the latest fixes in 2.2.8 (delete on
close).

Appreciate your help,
Nir Livni

-----Original Message-----
From: Richard Sharpe [mailto:[EMAIL PROTECTED] 
Sent: Sunday, March 16, 2003 8:06 PM
To: Nir Livni
Cc: [EMAIL PROTECTED]
Subject: RE: Question - Latest security alery of samba


On Sun, 16 Mar 2003, Nir Livni wrote:

> I've read the announcement carefully.
> The announcement does not point a specific threat in the samba code. 
> It mentions that "This version of Samba adds explicit overrun and 
> overflow checks on fragment re-assembly of SMB/CIFS packets to ensure 
> that only valid re-assembly is performed by smbd."
> 
> It also mentions that samba is highly vulnerable to attacks from an 
> external network, And that
> 1. host based protection
> 2. interface protection
> 3. Using a firewall
> 4. Using a IPC$ share deny
> May reduce vulnerability to such attacks.
> 
> There is no access to my samba servers from the internet, but I would 
> like to know more about this security issue - specially, which source 
> codes are involved. (SMB client code is currently no issue for me) Any 
> list of affected source files would be appreciated.

How can we be sure that you are not a script-kiddie?

Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com

Reply via email to