12/17/04: Vulnerabilities in Cisco, Veritas, and Samba
Holes Found in Cisco, Veritas, Samba Products By Wayne Rash -- Thursday was a big day for vulnerability announcements, but not necessarily for big vulnerabilities. Cisco on Thursday announced two problems with its products, one of which had the potential to be serious. A potentially serious problem with Samba appeared on Bugtraq, and Veritas reported a problem with Backup Exec versions 8 and 9. None of the problems should cause trouble for companies with good security practices.
I got worried when I saw Veritas and Samba in the title :)
Here's a tip: do not dismiss vulnerabilities because they can only be exploited locally. Many boxes running Samba may not necessarily be used directly by many people, but usually there are at least a few user accounts that could ssh in if they were so inclined. Locally does not mean sitting at the machine, it means from a user account, whether that user is logged in at the console or via ssh/telnet.
12/17/04: Vulnerabilities in Cisco, Veritas, and Samba
Holes Found in Cisco, Veritas, Samba Products By Wayne Rash -- Thursday was a big day for vulnerability announcements, but not necessarily for big vulnerabilities. Cisco on Thursday announced two problems with its products, one of which had the potential to be serious. A potentially serious problem with Samba appeared on Bugtraq, and Veritas reported a problem with Backup Exec versions 8 and 9. None of the problems should cause trouble for companies with good security practices.
I got worried when I saw Veritas and Samba in the title :) Here's a tip: do not dismiss vulnerabilities because they can only be exploited locally. Many boxes running Samba may not necessarily be used directly by many people, but usually there are at least a few user accounts that could ssh in if they were so inclined. Locally does not mean sitting at the machine, it means from a user account, whether that user is logged in at the console or via ssh/telnet.