hi, i am triaging security issues in debian. CVE-2009-2813 was issued for samba, but from the text [0], it appears to be mac-specific; however, there is not enough information to confirm or negate this. can you confirm that this is a mac-only issue or provide links to patches/information? if you need to reply to the private list, you can send a message to security@debian.org. thanks. [0] http://support.apple.com/kb/HT3865
Apple discovered the problem, and got the CVS number and issued their own patch for it. It was only later that they notified samba.org that generic Samba may be vulnerable. Yes if /etc/passwd is misconfigured then the same problem could be seen on debian. An administrator would have to explicitly do this however. Jeremy.
(In reply to comment #1) > Apple discovered the problem, and got the CVS number and issued their own patch > for it. It was only later that they notified samba.org that generic Samba may > be vulnerable. Yes if /etc/passwd is misconfigured then the same problem could > be seen on debian. An administrator would have to explicitly do this however. > Jeremy. thanks for the quick response.
I think we can close this one, right? Please re-open if it's still an issue. Thanks!