Slashdot Mirror


Samba Exploit Discovered, Fixed

An anonymous reader submits: "Digital Defense reported a remote root vulnerability in Samba that has existed in Samba source code for over 8 years. If it hadn't been caught from a wild packet capture, who knows how many more years it might have gone on. Fixes for this, and at least three other vulnerabilities have been fixed today. This is a serious threat to many thousands of people. Did you plan to spend your Monday upgrading to Samba 2.2.8a?" elijahao supplies some more information: "All stable versions are affected (2.x), but the 3.0 series is not. Here is a link to the News page. Check out a mirror near you to get the Source or Security patches from 2.2.7a, 2.2.8, or 2.0.10."

15 of 221 comments

  1. frosty pist by adhesiv · · Score: 0, Funny

    in soviet russia ice cubes crush you

    --
    "Good god people, we would have accepted 'bow-wow' or 'ruff'...Ah! Rough, just the way your mother likes it Trebek."
  2. Okay everybody... by Anonvmous Coward · · Score: 2, Funny

    ... you know the drill. Pitchforks ready!

    1. Re:Okay everybody... by NanoGator · · Score: 4, Funny

      "Okay everybody... ... you know the drill. Pitchforks ready! "

      Whoah, slow down there buddy. We gotta check the list.

      -Microsoft? No.
      -RIAA/MPAA? No.
      -IBM? No.
      -Amazon? No.
      -TurboTax? No.

      Sorry, Samba's not on the list. Turn in your pitchfork for a song of praise.

      --
      "Derp de derp."
  3. Mondays? by raydobbs · · Score: 5, Funny

    I thought Monday was Patch Your Microsoft Server days... SAMBA is allowed Thursday, or was that...Wednesday...? I forget....

    1. Re:Mondays? by carpe_noctem · · Score: 2, Funny

      nono...Thursday is for sendmail. We'll pencil in samba on wednesdays.

      --
      "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
    2. Re:Mondays? by Lxy · · Score: 5, Funny

      I thought Monday was Patch Your Microsoft Server days

      Samba is just trying to emulate every aspect of a Windows server, including Windows patch Mondays.

      Yet another compatibility feature we can check off the list.

      --

      There is no reasonable defense against an idiot with an agenda
      :wq
  4. Feature? by Jonathan the Nerd · · Score: 5, Funny

    Well, Samba is supposed to make a Unix computer look and act like a Windows server, right? In that case, it could be argued that a remote root exploit is a feature.

    --
    Disclaimer: The opinions expressed are not necessarily my own, as I've not yet had my medication today.
    1. Re:Feature? by cyb97 · · Score: 2, Funny

      They seem to have fixed the 3.11 - 3.10 = 0 bug in calc.exe now... You mean there are other long-running bugs in Windows?

  5. 8 Years?? by MeanMF · · Score: 4, Funny

    This sort of thing could never have happened if it was Open Source! Thousands of people would have reviewed the source code to make sure that there were no problems like this.

    Oh wait...

  6. I definitely "had a case of the Mondays"!@! by caffeinex36 · · Score: 3, Funny

    "Did you plan to spend your Monday upgrading to Samba 2.2.8a?"

    No, I spent Monday yelling at people trying to explain to them "WHY" they need to upgrade. Dumb S.A.'s.

    Lo and behold an intern sysadmin tells me "Looks like someone has a case of the Mondays!"

    ...It's ok...just wait until he sees me put his pink slip in his /root

    /end monday rant
    Rob

  7. Err by bedouin · · Score: 2, Funny

    Rebuilding this for a second time this week on a 25mhz machine almost makes me want to upgrade to a faster CPU.

  8. Re:Don't worry guys! by zulux · · Score: 4, Funny

    Here's hoping the Moderators don't
    actually read this closely. See, there's
    this dude named Jeremy Allison, one of the
    nice people who writes code for Samba.

    I've used Samba for years - I've used it
    to replace or prevent about 20 Microsoft
    Windows installations over the last few years.

    But by mimicking Jeremy's layout style
    and putting his .sig at the bottom of
    this post - I just might get some undeserved
    Karma.

    Let's see if it works.

    Jeremy Allison,
    Samba Team.

    --

    Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

  9. Whoa! by truesaer · · Score: 4, Funny

    At level 4 and higher messages only, I count 43 mod points for Jeremy Allison.

    Conspiracy theory: He created this bug because he's a karma whore!! :)

    1. Re:Whoa! by Jeremy Allison - Sam · · Score: 4, Funny

      Oh no - you've discovered my secret. And it took
      8 years to come to fruition.....

      Now I'll have to kill you :-).

      Jeremy.

  10. There's a difference by roesti · · Score: 2, Funny

    If this had been a bug for a MS product, you'd be slamming MS hard. But now all I see is a mountain of whiny, hypocritical comments when it is in the non-MS camp.

    Well, there is actually a difference.

    It might have taken eight years for someone to notice the bug and release a security advisory. However, once that was done, it only took the developers a week to release a patch.

    Had it been in a Microsoft product, it would have taken a week to get a security advisory, and eight years to get the patch.