Yenya's World

Fri, 10 Jul 2015

My First CVE Number

After banging our collective heads against the wall while trying to discover why one Samba share works as we expect, while another one with the same configuration on the same server does not, I have finally admitted that the bug is not in our setup, but probably in Samba itself.

Interestingly enough, the expected behaviour was the share where it did not work, and the other one worked only by accident. The fact that it worked in one case turned out to be a potential minor security issue. So this is the first security issue I have discovered, which has its own CVE number: CVE-2015-3287 (details will be in Samba bug #11395 after it is declassifiled).

I appreciate the fast response of Samba developer Jeremy Allison: the first fix was available within 3.5 hours after the bug was reported.

Section: /computers (RSS feed) | Permanent link | 1 writebacks

1 replies for this story:

Peter Kruty wrote:

3,5h,that pretty fast. Nice.

Reply to this story:

URL/Email: [http://... or mailto:you@wherever] (optional)
Title: (optional)
Key image: key image (valid for an hour only)
Key value: (to verify you are not a bot)


Yenya's World: Linux and beyond - Yenya's blog.


RSS feed

Jan "Yenya" Kasprzak

The main page of this blog



Blog roll:

alphabetically :-)