<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2600.0" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial><FONT color=#0000ff><FONT size=2><FONT size=2>
<P>- New vulnerability in Samba - </P>
<P>Oxygen3 24h-365d, by Panda Software
(http://www.pandasoftware.com)</P></FONT></FONT></FONT></FONT>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2>Madrid, April 9 2003 - A
new vulnerability has been detected in Samba, the<SPAN class=410303502-10042003>
</SPAN>Open Source/Free Software suite that provides file and print services
to<SPAN class=410303502-10042003> </SPAN></FONT></FONT></FONT><FONT face=Arial
color=#0000ff size=2>SMB/CIFS clients. </FONT></P>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2>According to Vnunet, the
Samba team has confirmed that the new problem<SPAN class=410303502-10042003>
</SPAN>affects all versions of the program. Samba has also explained that if
the<SPAN class=410303502-10042003> v</SPAN>ulnerability is exploited correctly,
it could lead to an anonymous user<SPAN class=410303502-10042003> </SPAN>gaining
root access on a Samba serving system (i.e. with administration<SPAN
class=410303502-10042003> </SPAN></FONT></FONT></FONT><FONT face=Arial
color=#0000ff size=2>permissions).</FONT></P>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2>The advisory itself has not
been without incident, as the initial<SPAN class=410303502-10042003>
</SPAN>publication contained a working exploit, which could allow any user
who<SPAN class=410303502-10042003> </SPAN></FONT></FONT></FONT><FONT face=Arial
color=#0000ff size=2>downloaded the code to gain root access. </FONT></P>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2>All users of Samba are
advised to install version 2.2.8a, in which the<SPAN class=410303502-10042003>
</SPAN></FONT></FONT></FONT><FONT face=Arial color=#0000ff size=2>vulnerability
has been corrected.</FONT></P></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px"><FONT face=Arial color=#0000ff
size=2></FONT> </BLOCKQUOTE></BODY></HTML>