Mark
2004-Apr-13 04:38 UTC
[Samba] Possible security issue with Samba 3.02 and MySQL database
I have been doing some testing with Samba and using MYSQL as the passdb backend (no it is not the security issue mentioned in the samba how-to) I found what I believe is is a serious security issue and I am not sure if this security issue is an operating system issue or a Samba issue that should be looked at by the Samba team. Is there such a place as to report such security concerns to the Samba team off list? mark
Herb Lewis
2004-Apr-13 05:18 UTC
[Samba] Possible security issue with Samba 3.02 and MySQL database
security issues should be sent to security@samba.org Mark wrote:> > I have been doing some testing with Samba and using MYSQL as the passdb > backend (no it is not the security issue mentioned in the samba how-to) > > I found what I believe is is a serious security issue and I am not sure > if this security issue is an operating system issue or a Samba issue > that should be looked at by the Samba team. Is there such a place as to > report such security concerns to the Samba team off list? > > > mark >
Andrew Bartlett
2004-Apr-13 07:52 UTC
[Samba] Possible security issue with Samba 3.02 and MySQL database
On Mon, Apr 12, 2004 at 09:37:38PM -0700, Mark wrote:> > I have been doing some testing with Samba and using MYSQL as the passdb > backend (no it is not the security issue mentioned in the samba how-to) > > I found what I believe is is a serious security issue and I am not sure > if this security issue is an operating system issue or a Samba issue > that should be looked at by the Samba team. Is there such a place as to > report such security concerns to the Samba team off list?security@samba.org is the correct off-list address to raise 'security issues' with the Samba team. (Note for others: 'how to configure samba' is not a security issue, nor is 'how to configure samba securely'. What we mean here is 'sombody can beak into the system' type security issues). Andrew Bartlett