[oi-dev] samba security

Gary Driggs gdriggs at gmail.com
Sun Apr 15 13:23:37 UTC 2012


On Apr 15, 2012, Alasdair Lumsden wrote:

> Unfortunately however the new version probably won't make the stable branch. The stuff in illumos-userland will be destined for /experimental followed by /dev.

You may wish to reconsider...

"A remote, pre-authentication vulnerability is essentially the most
severe kind of flaw that can crop up in a software package such as
Samba. An attacker who found a vulnerable installation of Samba would
not need to authenticate in order to launch an exploit."

http://m.threatpost.com/en_us/blogs/remote-pre-authentication-flaw-fixed-samba-041112




More information about the oi-dev mailing list