search for: server_security

Displaying 19 results from an estimated 19 matches for "server_security".

2006 Jul 10
5
[SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd
...are connection requests. This defect affects all Samba configurations. ================== Patch Availability ================== A patch for Samba 3.0.1 - 3.0.22 has been posted at http://www.samba.org/samba/security/. Guidelines for securing Samba hosts are listed at http://www.samba.org/docs/server_security.html ======= Credits ======= This security issue discovered during an internal security audit of the Samba source code by the Samba Team. ========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================...
2006 Jul 10
5
[SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd
...are connection requests. This defect affects all Samba configurations. ================== Patch Availability ================== A patch for Samba 3.0.1 - 3.0.22 has been posted at http://www.samba.org/samba/security/. Guidelines for securing Samba hosts are listed at http://www.samba.org/docs/server_security.html ======= Credits ======= This security issue discovered during an internal security audit of the Samba source code by the Samba Team. ========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ====================================...
2010 Jan 27
1
max smbd processes
Samba 3.2.5 on Debian Lenny From: http://www.samba.org/samba/docs/server_security.html "Samba is able to limit the number of concurrent connections when smbd is launched as a daemon (not from inetd). The 'max smbd processes' smb.conf option allows Administrators to define the maximum number of smbd processes running at any given point in time. Any further attempts f...
2004 Dec 16
1
CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9
...run the latest stable release as a defense against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. ======= Credits ======= This security issue was reported to Samba developers by iDEFENSE Labs. The vulnerability was discovered by Greg MacManus, iDEFENSE Labs. ========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ======...
2004 Sep 13
0
Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808)
...n the latest stable release as a defense of against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). The defect discovery was anonymously reported to iDEFENSE via their Vulnerability Contributor Program (http://www.idefense.com/poi/teams/vcp.jsp). - -- Our Code, Our Bugs, O...
2004 Sep 30
0
Samba Security Announcement -- Potential Arbitrary File Access
...n the latest stable release as a defense of against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- Our Code, Our Bugs, Our Responsibility. -- The Samba Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU...
2004 Sep 30
0
SECURITY: Samba 2.2.12 Available for Download
...n the latest stable release as a defense of against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- The source code can be downloaded from : http://download.samba.org/samba/ftp/ The uncompressed tarball and patch file h...
2004 Oct 05
0
ERRATA: Potential Arbitrary File Access (CAN-2004-0815)
...n the latest stable release as a defense of against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- Please report any security related issues to <security@samba.org> Our Code, Our Bugs, Our Responsibility. --...
2004 Nov 08
0
[SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7
...n the latest stable release as a defense of against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- This security issue was reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- Our Code, Our Bugs, Our Responsibility. -- The Samba Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Lin...
2004 Nov 15
0
[SECURITY] CAN-2004-0882: Possible Buffer Overrun in smbd
...n the latest stable release as a defense of against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- This security issue was reported to Samba developers by Stefan Esser from e-matters Security (http://security.e-matters.de/). - -- Our Code, Our Bugs, Our Responsibility. -- The Samba Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Commen...
2004 Dec 16
0
CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9
...run the latest stable release as a defense against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. ======= Credits ======= This security issue was reported to Samba developers by iDEFENSE Labs. The vulnerability was discovered by Greg MacManus, iDEFENSE Labs. ========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ======...
2004 Sep 13
0
Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808)
...n the latest stable release as a defense of against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). The defect discovery was anonymously reported to iDEFENSE via their Vulnerability Contributor Program (http://www.idefense.com/poi/teams/vcp.jsp). - -- Our Code, Our Bugs, O...
2004 Sep 30
0
Samba Security Announcement -- Potential Arbitrary File Access
...n the latest stable release as a defense of against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- Our Code, Our Bugs, Our Responsibility. -- The Samba Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/...
2004 Sep 30
0
SECURITY: Samba 2.2.12 Available for Download
...n the latest stable release as a defense of against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- The source code can be downloaded from : http://download.samba.org/samba/ftp/ The uncompressed tarball and patch file h...
2004 Oct 05
0
ERRATA: Potential Arbitrary File Access (CAN-2004-0815)
...n the latest stable release as a defense of against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - -------- Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- Please report any security related issues to <security@samba.org> Our Code, Our Bugs, Our Responsibility. --...
2007 May 14
0
[SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability
...d printer command, etc...) from smb.conf. The Samba Team always encourages users to run the latest stable release as a defense against attacks. If this is not immediately possible, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html ======= Credits ======= This vulnerability was discovered by an anonymous researcher and reported to Samba developers by Joshua J. Drake, iDefense Labs (http://www.idefense.com/), as part of their Vulnerability Contributor Program. The time line is as follows: * May 7, 2007: Initial defe...
2007 May 14
0
[SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution
...anging the server code in the smbd daemon. The Samba Team always encourages users to run the latest stable release as a defense against attacks. If this is not immediately possible, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html ======= Credits ======= This vulnerability was reported to Samba developers by Brian Schafer, TippingPoint Security Response Lead, as part of the Zero Day Initiative (http://www.zerodayinitiative.com). The time line is as follows: * April 25, 2007: Four individual defects reported to the...
2007 May 14
0
[SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation
...anging the server code in the smbd daemon. The Samba Team always encourages users to run the latest stable release as a defense against attacks. If this is not immediately possible, administrators should read the "Server Security" documentation found at http://www.samba.org/samba/docs/server_security.html ======= Credits ======= This vulnerability was reported to Samba developers by Paul Griffith <paulg@cse.yorku.ca> and Andrew Hogue. Much thanks to Paul and Andrew for their cooperation and patience in the announcement of this defect. Thanks also to Samba developers James Peach and J...
2007 Aug 03
6
try to bind samba traffic to specific interface - without success
Hello, tonight my home samba server attracted my attention because i had seen that the complete traffic (copy user->server / server->user) goes via eth0 and not how specified in smb.con via the eth2 interface. i tried to bind it like this: *interfaces = lo eth2 * in smb.conf ... any idea? best regards Jan