Monday, April 07, 2003

New Samba Vulnerability?

Slashdot is running a thread on a new Samba vulnerability which Digital Defense discovered. This comment by Jeremy Allison of the Samba team is one of the best reasons why event-based IDS data can fail, and should be reinforced by collecting session and full content data. He's responding to a challenge to prove he has unreleased exploits for Microsoft SMB/CIFS:

If you put one of your Windows servers on a network
I had access to I would be able to show you. I will
not release the code publicly (for obvious reasons).
Knowledge of these bugs would allow worms/viruses to
utterly cripple Microsoft based corporate networks.

If you choose not to believe me without exploit code
then that's up to you, but I will not act in an
unprofessional way to prove a point.

Jeremy Allison,
Samba Team.

No comments: