Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samba Exploit Discovered, Fixed

Posted by timothy on from the lickety-split-sortof dept.

An anonymous reader submits: "Digital Defense reported a remote root vulnerability in Samba that has existed in Samba source code for over 8 years. If it hadn't been caught from a wild packet capture, who knows how many more years it might have gone on. Fixes for this, and at least three other vulnerabilities have been fixed today. This is a serious threat to many thousands of people.. Did you plan to spend your Monday upgrading to Samba 2.2.8a?" elijahao supplies some more information: "All stable versions are affected (2.x), but the 3.0 series is not. Here is a link to the News page. Check out a mirror near you to get the Source or Security patches from 2.2.7a, 2.2.8, or 2.0.10."

5 of 221 comments (clear)

  1. Already fixed in FreeBSD ports by dnaumov · · Score: 4, Informative

    A FreeBSD Security Advisory has been issued and the samba port has been updated to the fixed version:

    samba 2.2.8a
    Update 2.2.8 -> 2.2.8a.
    Submitted by: dwcjr (MAINTAINER)
    I already updated my installation 4 hours ago, the FreeBSD folk are fast :)

    This is what is fixed by the update:

    (1) Sebastian Krahmer of the SuSE Security Team identified
    vulnerabilities that could lead to arbitrary code execution as root,
    as well as a race condition that could allow overwriting of system
    files. (This vulnerability was previously fixed in Samba 2.2.8.)

    (2) Digital Defense, Inc. reports: ``This vulnerability, if exploited
    correctly, leads to an anonymous user gaining root access on a Samba
    serving system. All versions of Samba up to and including Samba 2.2.8
    are vulnerable. Alpha versions of Samba 3.0 and above are *NOT*
    vulnerable.''

  2. Re:8 Years?? by Jeremy+Allison+-+Sam · · Score: 4, Informative

    Well security problems like this tend to come in pairs
    (I'm just hoping not in threes :-).

    Once one gets discovered then people look for others in
    the same project.

    The first one was found by a SuSE audit, and we went through
    and fixed all related code. This one was found 'in the wild'
    so to speak. I'm not sure how long the cracker community
    has known about this one.

    I'm to blame as both were in code I wrote a long time ago :-(.

    Jeremy Allison,
    Samba Team.

  3. Re:Raining Open Source bugs? by questionlp · · Score: 3, Informative

    I think it's better that these bugs are found, publicized and patched in a professional manner (like Samba, Sendmail, etc.) then see a company sit on an exploit for a while and state that their products are unbreakable (Oracle) or secure (Microsoft)... even if it's a bug a day. So long as it's fixed, people are notified about it.

    As far as people patching them, that's another topic altogether.

    Almost every software has bugs... be it disclosed or not disclosed.

  4. Re:Don't worry guys! by Jeremy+Allison+-+Sam · · Score: 4, Informative

    Actually I have been thinking about this very fact w.r.t.
    these recent vulnerabilities.

    The problem was that the written code *worked*, as in if
    it was given well-formed SMB packets it behaved correctly,
    even though it was in a little used part of the code.

    Because it worked 'out of the box' as it were, with
    Windows clients there was little reason to examine it.

    It's code that has a problem that gets looked at first.

    I'm not trying to absolve myself of blame, after all, I
    wrote the buggy code, but there was a reason that no one
    needed to look at it for 8 years or so.

    Jeremy Allison,
    Samba Team.

  5. Re:Mac OS X? by Jeremy+Allison+-+Sam · · Score: 3, Informative

    Yes, Apple are working on this. I ported the fix to
    their codebase this morning and mailed it to them.

    Jeremy Allison,
    Samba Team.