The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security bugfix for Samba

To: security@redhat.com
Subject: Security bugfix for Samba
From: Christopher Blizzard <blizzard@AppliedTheory.com>
Date: Fri, 26 Sep 1997 13:20:43 -0400
Cc: security@debian.org, security@caldera.com
Delivered-to: security@debian.org
Resent-cc: recipient list not shown: ;
Resent-date: 26 Sep 1997 17:19:57 -0000
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"CKm0a.A.q3C.86-K0"@debian>
Resent-sender: debian-private-request@lists.debian.org

Not that you probably don't already know but.... :)

--Chris

------------
Christopher Blizzard
AppliedTheory Communications, Inc. 
http://odin.appliedtheory.com/
blizzard@appliedtheory.com
------------

------- Forwarded Message

>From owner-bugtraq@NETSPACE.ORG  Fri Sep 26 12:36:01 1997
Return-Path: <owner-bugtraq@NETSPACE.ORG>
Received: from franklin.appliedtheory.com (franklin.appliedtheory.com [192.77.173.116])
	by odin.appliedtheory.com (8.8.7/8.8.7) with ESMTP id MAA16572
	for <blizzard@odin.appliedtheory.com>; Fri, 26 Sep 1997 12:36:01 -0400
Received: from brimstone.netspace.org (brimstone.netspace.org [128.148.157.143])
	by franklin.appliedtheory.com (8.8.6/8.8.6) with ESMTP id MAA13071;
	Fri, 26 Sep 1997 12:26:58 -0400 (EDT)
Received: from unknown@netspace.org (port 56069 [128.148.157.6]) by brimstone.netspace.org with ESMTP id <31166-25826>; Fri, 26 Sep 1997 11:39:53 -0400
Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8c) with
          spool id 4901339 for BUGTRAQ@NETSPACE.ORG; Fri, 26 Sep 1997 11:39:22
          -0400
Received: from brimstone.netspace.org (brimstone [128.148.157.143]) by
          netspace.org (8.8.7/8.8.2) with ESMTP id LAA12708 for
          <BUGTRAQ@NETSPACE.ORG>; Fri, 26 Sep 1997 11:28:21 -0400
Received: from unknown@netspace.org (port 56069 [128.148.157.6]) by
          brimstone.netspace.org with ESMTP id <16328-25824>; Fri, 26 Sep 1997
          11:28:13 -0400
Approved-By: aleph1@UNDERGROUND.ORG
Received: from samba.anu.edu.au (samba.anu.edu.au [150.203.164.44]) by
          netspace.org (8.8.7/8.8.2) with ESMTP id KAA03099 for
          <bugtraq@NETSPACE.ORG>; Fri, 26 Sep 1997 10:08:02 -0400
Received: from tridge@localhost by samba.anu.edu.au id <12593854-13111>; Sat,
          27 Sep 1997 00:07:22 +1000
Message-ID: <19970926140722Z12593854-13111+3@samba.anu.edu.au>
Date: 	Sat, 27 Sep 1997 00:07:19 +1000
Reply-To: Andrew.Tridgell@anu.edu.au
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Andrew Tridgell <tridge@SAMBA.ANU.EDU.AU>
Subject:      Security bugfix for Samba
To: BUGTRAQ@NETSPACE.ORG

                Security bugfix for Samba
                -------------------------

A security hole in all versions of Samba has been recently
discovered. The security hole allows unauthorized remote users to
obtain root access on the Samba server.

An exploit for this security hole has been posted to the internet so
system administrators should assume that this hole is being actively
exploited.

The exploit for the security hole is very architecture specific and
has been only demonstrated to work for Samba servers running on Intel
based platforms. The exploit posted to the internet is specific to
Intel Linux servers. It would be very difficult to produce an exploit
for other architectures but it may be possible.

A new release of Samba has now been made that fixes the security
hole. The new release is version 1.9.17p2 and is available from
ftp://samba.anu.edu.au/pub/samba/samba-1.9.17p2.tar.gz

This release also adds a routine which logs a message if anyone
attempts to take advantage of the security hole. The message (in the
Samba log files) will look like this:

        ERROR: Invalid password length 999
        you're machine may be under attack by a user exploiting an old bug
        Attack was from IP=aaa.bbb.ccc.ddd

where aaa.bbb.ccc.ddd is the IP address of the machine performing the attack.

        The Samba Team
        samba-bugs@samba.anu.edu.au


------- End of Forwarded Message


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Prev by Date: Re: Can I interest anyone in RPM?
Next by Date: Security bugfix for Samba (fwd)
Previous by thread: Re: Please help a newbie developer
Next by thread: Security bugfix for Samba (fwd)
Index(es):
- Date
- Thread