
On Thu, 25 May 2017 12:06:23 +1200, Peter Reutemann wrote:
'Maintainers of the Samba networking utility just patched a critical code-execution vulnerability that could pose a severe threat to users until the fix is widely installed.'
-- source: https://arstechnica.com/security/2017/05/a-wormable-code-execution-bug-has-l...
The fix, linked to from <https://www.theregister.co.uk/2017/05/25/fatthumbed_dev_slashes_samba_security/>, is just NTSTATUS status; + if (strchr(pipename, '/')) { + DEBUG(1, ("Refusing open on pipe %s\n", pipename)); + return false; + } + if (lp_disable_spoolss() && strequal(pipename, "spoolss")) { DEBUG(10, ("refusing spoolss access\n")); return false;
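Review bot: The added `if (strchr(pipename, '/'))` check carries no comment saying why a pipe name containing '/' is refused, and the `DEBUG(1, ...)` message "Refusing open on pipe %s" does not give the reason either. A one-line comment above the `if` and a message that names the rejected character would let someone reading the code or the log at level 1 tell this rejection apart from the `spoolss` refusal that follows it. The check matches only '/', so it is also worth stating in that comment whether any other separator character can reach this point in `pipename`. The name printed with `%s` comes from the request being refused, so treat that log field as untrusted text when parsing or alerting on it.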