Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Flaws In Linux SMBFS

Posted by timothy on from the or-would-you-rather-wait-for-service-pack-n dept.

An anonymous reader points out this SecurityFocus alert, which starts "The Linux kernel is reported susceptible to multiple remote vulnerabilities in the SMBFS network file system. These vulnerabilities may lead to the execution of attacker-supplied machine code, information disclosure of kernel memory, or kernel crashes, denying service to legitimate users. Versions of the kernel in both the 2.4, and the 2.6 series are reported susceptible to various issues."

10 of 347 comments (clear)

  1. It's a FEATURE by kesuki · · Score: 5, Funny

    you haven't emulated SMB unless you allow remote execution of code ;)

    --
    https://www.gnu.org/philosophy/free-sw.html
  2. this is NOT samba (smbd) by CRC'99 · · Score: 5, Informative

    It should be clarified, that this is NOT to do with the smbd process aka Samba Project - but the kernel module smbfs.o

    --
    Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
  3. Re:history of linux exploits by Short+Circuit · · Score: 5, Informative

    Secunia...they also have a free service where they'll email you about vulnerabilities and fixes. And I've never received spam from them. (But that may be due to my GMail account.)

    --
    tasks(723) drafts(105) languages(484) examples(29106)
  4. I'm glad this hit slashdot by Anthony+Liguori · · Score: 5, Informative

    I'll say this once, this is absolutely correct. We've known about this for a long time. SMBFS is deprecated. This is why CifsFS was written. CifsFS is a standard part of 2.6 and is available as patches for 2.4 from samba.org. CifsFS is faster, works with newer versions of Windows better, and is much more secure. More importantly, SMBFS is not being maintained. Critical bug fixes get made but that's only because it's in the kernel. Please don't use it unless you have to. Steve French is the author of CifsFS and has done a fantastic job with it.

  5. The link doesnt actually tell you anything by Laeraun · · Score: 5, Informative

    This page gives a much better overview of what it is.

    More information also here

  6. Don't worry! by Tezkah · · Score: 5, Funny

    SP2 users are unaffected.

  7. Re:And before this goes off the front page... by Alan+Hicks · · Score: 5, Informative
    <spamvertisement>
    This is old news. The 2.4.28 kernel was released with fixes for this though a 2.6.10 kernel hasn't yet been put out. I'm not sure who all has patched, but for Slackware users, you can get a 2.4.28 kernel package from SlackSec.
    </spamvertisement>
    --
    Slackware, what else when it must be secure, stable, and easy?
  8. Re:history of linux exploits by Anonymous Coward · · Score: 5, Informative

    Linux advisories
    http://www.linuxsecurity.com/advisorie s/index.html

    Open Source Vunerability Database (not just for Open source software, but the database itself is open source)
    http://www.osvdb.org/

    That is probably the best and it offers vendor contact information, detailed analysis and RSS plugins.

    Secunia Security and Virus information
    http://secunia.com/

    Security Focus:
    http://www.securityfocus.com/

    So on and so forth.

  9. NOT Originally MS Technology by kmb · · Score: 5, Informative

    Microsoft did NOT in fact invent/originate SMB. IBM did.

  10. Re:MS Technology by nacks1 · · Score: 5, Insightful

    "Most Linux-only users use NFS, which does not have these security holes."

    Yeah... it NFS just has plenty of holes of its own. I would be the first to say that I think that SMBFS is crap, but NFS isn't the network filesystem that we should be holding up as a good system to emulate.