[Pkg-samba-maint] Bug#514151: Bug#514151: samba: Account locking out doesnt work with an LDAP backend
Christian Perrier
bubulle at debian.org
Thu Feb 5 19:16:47 UTC 2009
Quoting Diego A. Gomez (diego at dgomez.com.ar):
> Package: samba
> Version: 2:3.2.5-4
> Severity: critical
> Tags: security
> Justification: root security hole
>
>
> This bug make Samba vulnerable to brute-force attack and make possible to gain administrator's domain priviledges.
Nothing in the bug log seems to be qualifying that issue as
such. Moreover, the fact that upstream didn't issue any security
update about this makes me think that both the criticity and the
security implications of that bug needs to be discussed.
Even more: what makes you think this is a *root* security hole?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20090205/db162877/attachment.pgp
More information about the Pkg-samba-maint
mailing list