This critical vulnerability in Samba is widely reported as affecting Macs, and looking at the Samba versions in OS X 10.5 and 10.6, it looks like it's the case:
OS X 10.5 - Samba Version 3.0.25a-apple
OS X 10.6 - Samba Version 3.0.28a-apple
Most reports state that it only affects OS X Server versions but of course that's not the case - anyone who has File Sharing switched on and includes SMB sharing is running smbd and is therefore vulnerable.
Samba have issued patches for many versions right back to 3.0.25, but of course we can't patch this in OS X. Has anyone heard of a response from Apple regarding this? I can't find anything on the internet.
If Apple issue a patch but it only works on 10.6 (like with the recent Java bug), then this is the final nail in the coffin of using a PowerMac or G5 Xserve as a workhorse file server in a Windows environment.
OS X 10.5 - Samba Version 3.0.25a-apple
OS X 10.6 - Samba Version 3.0.28a-apple
Most reports state that it only affects OS X Server versions but of course that's not the case - anyone who has File Sharing switched on and includes SMB sharing is running smbd and is therefore vulnerable.
Samba have issued patches for many versions right back to 3.0.25, but of course we can't patch this in OS X. Has anyone heard of a response from Apple regarding this? I can't find anything on the internet.
If Apple issue a patch but it only works on 10.6 (like with the recent Java bug), then this is the final nail in the coffin of using a PowerMac or G5 Xserve as a workhorse file server in a Windows environment.
