Security Flaws In Linux SMBFS

An anonymous reader points out this SecurityFocus alert, which starts "The Linux kernel is reported susceptible to multiple remote vulnerabilities in the SMBFS network file system. These vulnerabilities may lead to the execution of attacker-supplied machine code, information disclosure of kernel memory, or kernel crashes, denying service to legitimate users. Versions of the kernel in both the 2.4, and the 2.6 series are reported susceptible to various issues."

OMG It sounds like...

[LupidStupy]

A Microsoft exploit notice.... Wow.

funny

[LiquidMind]

"...denying service to legitimate users..."

HAHA! that could never happen to me. I feel sorry for the losers that are gonna get hit by th*&$^)### (connection lost)

Here's my take on it

[erroneus]

#1 It'll get fixed real soon... probably already is given that I've had two kernel updates within a few days on my FC2 machine.
#2 Unless you're a complete fool and are using the protocol openly on the internet, the chances are good that you're relatively safe from exploit since you're on a private network. (It would take someone hacking through your router just to exploit something on your internal network. Possible but low on the order of things.)

In any case, It's an important bug and it must be fixed and I have all the faith that it will be quickly.

I'm not suprised about this.

[xtremee]

SecurityFocus have this down as a "Design Error". Is that in the design of the implementation, or the design of the protocol? Can we start blaming Microsoft for bugs in Linux now?

As we all know, Windows is a closed-source operating system, which offers documentation for all their apps and apis. The SMB Filesystem had to be developed without seeing the source code of the original fs. Remember, this is an emulation which means that it's normal to have this kinds of flaws.