I've just released version 1.9.18p6 of Samba. This release is in response to a potential security hole pointed out by Drago on BugTraq. The security hole involed a buffer overflow in the filename handling in reply_*() It is not at all clear that the security hole is actually exploitable. The existing code that checks for buffer overflows in Samba does catch the proposed exploit as posted to BugTraq but we considered it a grave enough risk that an immediate patch release is warranted. Note that if the hole is exploitable then it will only be possible to exploit it if the attacker already has write access to the exported filesystem. It is highly recommended that everyone upgrade to version 1.9.18p6 of Samba to avoid any possible exposure to this security hole. The new release is available from ftp://samba.anu.edu.au/pub/samba/ Cheers, Andrew