Update kills code-execution threat in Samba
Five years of code vulnerable
Samba developers have warned of a software flaw that allows attackers to remotely execute malicious code on systems running the widely used file-sharing package.
Version 3.5.5, which was released on Tuesday, fixes the underlying buffer overrun in functions used to generate a credential known as a Windows Security ID. It can be exploited by sending a booby-trapped ID that overflows the stack variable and injects malicious code into memory.
It remains unclear how easy it is to exploit the bug. H D Moore, CSO of Rapid7 and chief architect of the Metasploit project, said the only vector he's been able to identify is an option known as quota support, which isn't enabled by default. Even when turned on, he added, an attacker would need a root password.
Moore said other possible openings included the file find, the get/set user quota, and active directory, but so far none of them has panned out.
Samba is used to share files across systems running Linux, Windows, and Mac OS X. The vulnerability affects Samba versions going back to 3.0, which was released more than five years ago. It was discovered during an internal audit.
Andrew Bartlett, the Cisco Systems employee who identified the bug, didn't return an email seeking additional details. ®
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
COMMENTS
Need root password ???
Excuse me, but if somebody has a root password, your problems mill be far more important than having a remote code execution by a stack overflow in Samba.
IT infrastructure monitoring strategies
What you need to know about cloud backup
Agentless Backup is Not a Myth
Top 10 SIEM Implementer’s Checklist
Steps to Take Before Choosing a Business Continuity Partner
