[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Fw: URGENT: Samba security hole
- Subject: Re: [cobalt-security] Fw: URGENT: Samba security hole
- From: Jeff Lovell <jlovell@xxxxxxx>
- Date: Mon, 25 Jun 2001 08:36:17 -0700
- Organization: Cobalt Networks, Inc.
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Fri, 22 Jun 2001, Gerald Waugh wrote:
> > Summary
> > - -------
> >
> > A serious security hole has been discovered in all versions of Samba
> > that allows an attacker to gain root access on the target machine for
> > certain types of common Samba configuration.
> >
> > The immediate fix is to edit your smb.conf configuration file and
> > remove all occurances of the macro "%m". Replacing occurances of %m
> > with %I is probably the best solution for most sites.
We are aware of this issue, and are working to resolve it quickly.
Jeff
--
Jeff Lovell
Sun Microsystems Inc.