SECURITY ALERT: SAMBA VULNERABILITY

If you're using Samba, the open source utility that enables Linux systems to interoperate with Windows networks, be aware that there are new versions of Samba that deal with a serious security hole. In all previous versions of Samba, an attacker could compromise security on a targeted machine simply by supplying a NETBIOS computer name with certain path characters included.

To safeguard your system, immediately edit your /etc/smb.conf file to eliminate all occurrences of the macro "%m". This macro is used for a number of purposes in smb.conf, including setting up separate log files for more than one server. However, an attacker could disguise a system penetration by using a NETBIOS name that would, in effect, overwrite vital system security logs.

If you're not using the %m macro, it's not necessary to take any precautions; simply make sure that lines containing this macro are commented out. You should upgrade your Samba package only if you need to use this macro. To obtain a new version of Samba that fixes this security problem, visit the Samba Web site or your Linux distribution's home page to download the newest version of Samba (2.0.10 and 2.20a).

http://click.online.com/Click?q=14-5MiAIF-Wa38NVZlbZ7tzIUOv79RR
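
The check described above can be scripted. The following is an added example, not part of the original alert: a shell function that lists every uncommented smb.conf line still using %m. The function names and the sample configuration are constructed for illustration, and the script assumes comment lines begin with "#" or ";".

```shell
#!/bin/sh
# Added example: report active smb.conf settings that still use the %m macro.

# audit_m_macro FILE
# Prints "line N [section] setting" for each uncommented line containing %m.
# Returns 0 if none are active, 1 if at least one is, 2 if FILE is unreadable.
audit_m_macro() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        # Comment lines begin with "#" or ";" after optional blanks (assumed).
        /^[ \t]*[#;]/ { next }
        # Remember the current [section] so each finding can be located.
        /^[ \t]*\[/ {
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        # Any remaining line that mentions %m is an active use of the macro.
        # The match is case-sensitive, so other macros are not reported.
        /%m/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            printf "line %d [%s] %s\n", NR, section, line
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$conf"
}

# Constructed sample configuration (not taken from a real system).
make_sample_conf() {
    cat <<'EOF'
[global]
   workgroup = EXAMPLE
   log file = /var/log/samba/log.%m
;  include = /etc/smb.conf.%m
   # lock directory = /var/lock/samba/%m
   max log size = 50
[public]
   path = /srv/public
EOF
}

# When a path is given on the command line, audit that file.
if [ "$#" -gt 0 ]; then
    audit_m_macro "$1"
fi
```

Pass the path to the configuration file as the first argument. An exit status of 1 means at least one active line still needs to be commented out.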