Subject: Samba 2.0.8
To: None <tech-security@netbsd.org>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: tech-security
Date: 05/09/2001 11:16:46
I have no idea whether or not this is the right list, but it seems that in
pkgsrc, there is:

The following security vulnerabilities are known for net/samba at May 1
10:20 : 

      samba<2.0.8 has a local-symlink-race exploit (see
      http://www.securityfocus.com/templates/archive.pike?list=1&mid=177370 for
      more details) 

and at www.samba.org:

o (9th May 2001) Samba 2.0.9 released - SECURITY FIX

  The recent Samba 2.0.8 release did not fix the local /tmp security
  hole. The 2.0.9 release corrects that. Note that the 2.2.0 release
  did fix the hole and you should only install 2.0.9 if you don't
  want to use the 2.2.x release just yet. The 2.0.9 release is
  available here and the patch is available here.


Cheers,

Patrick