Koozali.org: home of the SME Server

Samba 2.2.8 for SME due to security fix?

Drew

Samba 2.2.8 for SME due to security fix?
« on: March 17, 2003, 05:15:02 AM »
Has everyone seen this Samba security fix update to version 2.2.8?

http://us3.samba.org/samba/whatsnew/samba-2.2.8.html

Has there been a version released for SME?

Andrew Hodgson

Re: Samba 2.2.8 for SME due to security fix?
« Reply #1 on: March 17, 2003, 10:36:05 PM »
Hi,

There is a howto on upgradeing to an older version of Samba already available - I am not sure whether it will work on 5.6/newer versions of Samba.

The problem imho does need fixing though as people may be affected if they are running as a gateway and/or the firewall behind the server allows SMB specific ports through.

Charlie Brady

Re: Samba 2.2.8 for SME due to security fix?
« Reply #2 on: March 17, 2003, 11:19:30 PM »
Andrew Hodgson wrote:

> The problem imho does need fixing though as people may be
> affected if they are running as a gateway and/or the firewall
> behind the server allows SMB specific ports through.

SME/e-smith servers running in gateway mode will not be vulnerable to any attack against this vulnerability from Internet addresses. All non-public services (including samba) are protected by packet firewalling, and are also configured to deny any service requests from other than the local network.

Regards

Charlie

Andrew Hodgson

Re: Samba 2.2.8 for SME due to security fix?
« Reply #3 on: March 18, 2003, 01:47:32 AM »
Charlie,

Thanks and sorry for the misinformation.

Andrew.