In association with heise online

12 September 2007, 12:02

New version of Samba fixes vulnerability

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Samba development team have announced version 3.0.26 (gzip file) of their free file and print server, which fixes a vulnerability. Under certain circumstances domain users using the rfc2307 or sfu "winbind nss info" plugins may be assigned to the wrong group and thus receive enhanced access privileges. According to reports, the bug only manifested itself in combination with Microsoft's Active Directory Services where the primary group attributes for RFC2307 or SFU had not been set.

The developers identify versions 3.0.25 to 3.0.25c as vulnerable. As well as the new version, a patch is also available.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit