[Samba] CVE-2008-1105 - Samba

This is a discussion on [Samba] CVE-2008-1105 - Samba ; Hello list! Just wanted to confirm whether this CVE affects the 3.0.4 version of Samba.. The samba.org website claims "This security advisory is applicable to all Samba 3.0.x releases to date" Yet the actual CVE [1] has "Versions: Samba 3.0.0 ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: [Samba] CVE-2008-1105

  1. [Samba] CVE-2008-1105

    Hello list!

    Just wanted to confirm whether this CVE affects the 3.0.4 version of
    Samba..

    The samba.org website claims "This security advisory is applicable to
    all Samba 3.0.x releases to date"

    Yet the actual CVE [1] has "Versions: Samba 3.0.0 - 3.0.29 (inclusive)"

    The CVE suggests that the version 3.0.4 would not be affected, my confused!


    Thanks in advance,

    Derek


    [1] http://us1.samba.org/samba/security/CVE-2008-1105.html
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] CVE-2008-1105

    On Thu, Jun 5, 2008 at 7:27 PM, Derek wrote:
    > Hello list!
    >
    > Just wanted to confirm whether this CVE affects the 3.0.4 version of Samba..
    >
    > The samba.org website claims "This security advisory is applicable to all
    > Samba 3.0.x releases to date"
    >
    > Yet the actual CVE [1] has "Versions: Samba 3.0.0 - 3.0.29 (inclusive)"
    >
    > The CVE suggests that the version 3.0.4 would not be affected, my confused!
    >

    Yes this really old version of samba is affected but this CVE and
    quite a few others...

    John
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] CVE-2008-1105

    On Fri, Jun 06, 2008 at 11:27:25AM +1200, Derek wrote:
    > Just wanted to confirm whether this CVE affects the 3.0.4 version of
    > Samba..
    >
    > The samba.org website claims "This security advisory is applicable to
    > all Samba 3.0.x releases to date"
    >
    > Yet the actual CVE [1] has "Versions: Samba 3.0.0 - 3.0.29 (inclusive)"
    >
    > The CVE suggests that the version 3.0.4 would not be affected, my confused!


    I'm not a native english speaker, but I wonder from what
    term in the CVE you read that 3.0.4 is not affected....

    Volker

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.5 (GNU/Linux)

    iD8DBQFISNkuUzqjrWwMRl0RAh9cAKCVqmZ9spOcjUh3eEL7IL 80SG4mfgCdHB6N
    m021GrELCQoysMsErJVENfg=
    =a3U6
    -----END PGP SIGNATURE-----


  4. Re: [Samba] CVE-2008-1105

    Volker Lendecke wrote:
    >> Yet the actual CVE [1] has "Versions: Samba 3.0.0 - 3.0.29 (inclusive)"
    >>
    >> The CVE suggests that the version 3.0.4 would not be affected, my confused!
    >>

    >
    > I'm not a native english speaker, but I wonder from what
    > term in the CVE you read that 3.0.4 is not affected....
    >

    I think this comes from the fact that 0.4 > 0.29

    I know I have had issues in the past trying to explain that it isn't a
    decimal point and that version 1.10 is later than 1.9 despite the fact
    that mathematically 1.9 is greater.

    *Michael Heydon - IT Administrator *
    michaelh@jaswin.com.au

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread