Samba Exploit Discovered, Fixed
An anonymous reader submits: "Digital Defense reported a remote root vulnerability in Samba that has existed in Samba source code for over 8 years. If it hadn't been caught from a wild packet capture, who knows how many more years it might have gone on. Fixes for this, and at least three other vulnerabilities, have been fixed today. This is a serious threat to many thousands of people. Did you plan to spend your Monday upgrading to Samba 2.2.8a?"
elijahao supplies some more information: "All stable versions are affected (2.x), but the 3.0 series is not. Here is a link to the News page. Check out a mirror near you to get the Source or Security patches from 2.2.7a, 2.2.8, or 2.0.10."
"Okay everybody... ... you know the drill. Pitchforks ready!"
Whoa, slow down there buddy. We gotta check the list.
-Microsoft? No.
-RIAA/MPAA? No.
-IBM? No.
-Amazon? No.
-TurboTax? No.
Sorry, Samba's not on the list. Turn in your pitchfork for a song of praise.
"Derp de derp."
I thought Monday was Patch Your Microsoft Server days... SAMBA is allowed Thursday, or was that...Wednesday...? I forget....
Well, Samba is supposed to make a Unix computer look and act like a Windows server, right? In that case, it could be argued that a remote root exploit is a feature.
Disclaimer: The opinions expressed are not necessarily my own, as I've not yet had my medication today.
This sort of thing could never have happened if it was Open Source! Thousands of people would have reviewed the source code to make sure that there were no problems like this.
Oh wait...
Here's Hoping the Moderators don't
actually read this closely. See, there's
this dude named Jeremy Allison, one of the
nice people who writes code for Samba.
I've used Samba for years - I've used
to replace or prevent about 20 Microsoft
Windows Installations over the last few years.
But by mimicking Jeremy's layout style
and putting his
.sig at the bottom of
this post - I just might get some undeserved
Karma.
Let's see if it works.
Jeremy Allison,
Samba Team.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Conspiracy theory: He created this bug because he's a karma whore!! :)