Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Drew on March 17, 2003, 05:15:02 AM

Title: Samba 2.2.8 for SME due to security fix?
Post by: Drew on March 17, 2003, 05:15:02 AM

Has everyone seen this Samba security fix update to version 2.2.8?

http://us3.samba.org/samba/whatsnew/samba-2.2.8.html

Has there been a version released for SME?

Title: Re: Samba 2.2.8 for SME due to security fix?
Post by: Andrew Hodgson on March 17, 2003, 10:36:05 PM

Hi,

There is a howto on upgradeing to an older version of Samba already available - I am not sure whether it will work on 5.6/newer versions of Samba.

The problem imho does need fixing though as people may be affected if they are running as a gateway and/or the firewall behind the server allows SMB specific ports through.

Title: Re: Samba 2.2.8 for SME due to security fix?
Post by: Charlie Brady on March 17, 2003, 11:19:30 PM

Andrew Hodgson wrote:

> The problem imho does need fixing though as people may be
> affected if they are running as a gateway and/or the firewall
> behind the server allows SMB specific ports through.

SME/e-smith servers running in gateway mode will not be vulnerable to any attack against this vulnerability from Internet addresses. All non-public services (including samba) are protected by packet firewalling, and are also configured to deny any service requests from other than the local network.

Regards

Charlie

Title: Re: Samba 2.2.8 for SME due to security fix?
Post by: Andrew Hodgson on March 18, 2003, 01:47:32 AM

Charlie,

Thanks and sorry for the misinformation.

Andrew.