[samba-jp:20863] Re: [FYI] Samba 3.4.2,3.3.8,3.2.15,3.0.37が出ました

Takahiro Kambe taca @ back-street.net
2009年 10月 5日 (月) 15:35:27 JST


In message <20091005.001120.116927611.taca @ back-street.net>
	on Mon, 05 Oct 2009 00:11:20 +0900 (JST),
	Takahiro Kambe <taca @ back-street.net> wrote:
>    o CVE-2009-2813:
>      In all versions of Samba later than 3.0.11, connecting to the home
>      share of a user will use the root of the filesystem
>      as the home directory if this user is misconfigured to have
>      an empty home directory in /etc/passwd.
> 
>    o CVE-2009-2948:
>      If mount.cifs is installed as a setuid program, a user can pass it a
>      credential or password path to which he or she does not have access and
>      then use the --verbose option to view the first line of that file.
>      All known Samba versions are affected.
...
> への対応のようですが、CVE-2009-2813以外は参照すべきCVEのエントリが未だ
> ないみたいなんですよねぇ...。
現状、www.samba.orgの中にだけ、存在してるようです。

	http://www.samba.org/samba/security/CVE-2009-2948.html
	http://www.samba.org/samba/security/CVE-2009-2906.html

-- 
神戸 隆博(かんべ たかひろ)		at 仕事場 



samba-jp メーリングリストの案内