(9th Feb, 2004) Happy Valentine's Day -- Samba 3.0.2 now available for download
The second patch release of the Samba 3.0 code base is now available for download from samba.org.
Security Announcement: It has been confirmed that previous versions of Samba 3.0 are susceptible to a password initialization bug that could grant an attacker unauthorized access to a user account created by the mksmbpasswd.sh shell script. Samba administrators not wishing to upgrade to the current version should download the 3.0.2 release, build the pdbedit tool, and run

    root# pdbedit-3.0.2 --force-initialized-passwords

This will disable all accounts not possessing a valid password (e.g. the password field has been set to a string of X's).
Samba servers running 3.0.2 are not vulnerable to this bug regardless of whether or not pdbedit has been used to sanitize the passdb backend.
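To preview which accounts the pdbedit run above would be expected to disable, the following added example (not part of the original announcement and not Samba code) lists entries whose password hashes are still strings of X's. It assumes the smbpasswd flat-file backend with records of the form name:uid:LANMAN-hash:NT-hash:[flags]:LCT-time:, and the function name and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Samba code): preview which smbpasswd entries still carry
# placeholder hashes. Assumed record layout of the flat file:
#   name:uid:LANMAN-hash:NT-hash:[flags]:LCT-time:

find_uninitialized() {
    # $1 = path to an smbpasswd-format file; prints one account name per line
    awk -F: '
        /^#/ || NF < 5 { next }                   # skip comments and malformed lines
        $5 ~ /D/       { next }                   # account is already disabled
        $3 ~ /^X+$/ && $4 ~ /^X+$/ { print $1 }   # both hash fields are only X
    ' "$1"
}

# Constructed sample data, not taken from a real server.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed smbpasswd sample
alice:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
bob:1002:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-40000000:
carol:1003:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
dave:1004:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DU         ]:LCT-00000000:
erin:1005:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-40000000:
EOF

# Enabled accounts with no real hash in either field: alice and carol.
find_uninitialized "$sample"
```

Point the function at a copy of the server's own smbpasswd file to review the affected accounts before running pdbedit.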
Thanks once again to everyone who donated time, code, and testing resources to make this release possible.
The source code and GnuPG signatures can be found on Samba mirrors. RPMS for several platforms are available in the Binary_Packages download area. The full release notes are available on-line as well.