severity 568493 important
thanks

On Fri, Feb 05, 2010 at 01:07:14AM -0500, Michael Gilbert wrote:
> package: samba
> version: 2:3.4.5~dfsg-1
> severity: critical
>
> hi, a zero-day remote access exploit has been demonstrated using a
> vulnerability in samba [0]. the only info to go on right now is a
> rather blurry video demonstrating the exploit in action as well as the
> code modified. i know this isn't a lot to go on, but hopefully it's
> enough info to figure out the problem.
>
> mike
>
> [0] http://seclists.org/fulldisclosure/2010/Feb/82

Why are you presuming to file critical-severity bugs for an unconfirmed
vulnerability if you can't even give a description of what that
vulnerability is?

There's nothing critical here; the video shows that, if you allow untrusted
users anonymous access to a Samba share, they can read any files on the
system that your guest user (i.e., user 'nobody') can read. That's a bug,
it should be fixed, but its impact isn't release-critical.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org