Re: CVE-2008-1105 - clarification request | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
On Friday 06 June 2008 19:49, Gerald (Jerry) Carter wrote:
> Gustavo Homem wrote:
> > Hi,
> >
> > The announcement states:
> >
> > "Secunia Research reported a vulnerability that allows for
> > the execution of arbitrary code in smbd"
> >
> > Does this means arbitrary code executed "as root" ou as the user that is
> > authenticaded after smdb drops privilegies?
>
> Potentially either. smbd never drops privileges and can always
> re-become root.
Are you sure about this?
├─smbd─┬─2*[smbd]
│ ├─smbd(gustavo)
│ └─smbd(asdrubal)
>From pstree I allways see an smbd process for each user mount.
What I want to know is if the vulnerable call is run as the local user or
root.
Thanks
Gustavo
>
> > Does this affect samba 2.x as well? What versions?
>
> Technically affects Samba 2.2.4 and later. but Samba 2.2 is
> reached EOL several years ago.
>
>
>
>
> cheers, jerry
--
Angulo Sólido - Tecnologias de Informação
http://angulosolido.pt
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Linux] [Info Cyrus] [LARTC] [Christmas Music] [Bugtraq] [Netfilter] [Internet Dating Forums] [RAID] [Yosemite News] [Photography]
|
|