Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samba Hit By 'Highly Critical' Vulnerability

Posted by timothy on from the because-people-are-bad dept.

sawky puck writes "Researchers at Secunia have flagged a 'highly critical' vulnerability in Samba, the widely deployed open-source software for networked file sharing and printing. Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an 'smb://' link) or by sending specially crafted packets to an 'nmbd' server configured as a local or domain master browser. This issue affects both Samba client and server installations."

8 of 70 comments (clear)

  1. Oh jeez by blackjackshellac · · Score: 5, Funny

    I guess I better take all of my samba servers off the internet!

    <snark/>

    --
    Salut,

    Jacques

    1. Re:Oh jeez by value_added · · Score: 4, Funny

      I'll check them for you, free of charge... what did you say their IPs were? :)

      My guess is that most of his servers are in the 10/8 or 192.168/16 ranges. Run an nmap scan on those netblocks and I'll bet you'll find something. While you're at it, be sure to check out 127.0.0.1 for any "hidden" servers.

    2. Re:Oh jeez by Anonymous Coward · · Score: 1, Funny

      Hah! I've got you now, you idi

  2. Vulnerability? And how! by Applekid · · Score: 1, Funny

    I sure know I have a highly critical vulnerability to a pretty Brazillian lady doing the Samba, eh gents?

    --
    More Twoson than Cupertino
  3. Re:buffer overrun .. by kestasjk · · Score: 4, Funny

    Is it technically possible to design a system that is immune to buffer overruns or, by default, fails safe, as in not allowing any old code to walk all over the address space. Microsoft labs are working on a solution that'll work like this: "The program you are using wants to write 0x0a83d9ed to the stack at address 0x912dfe31. Confirm or Deny?"
    --
    // MD_Update(&m,buf,j);
  4. Re:Already Patched by BiggerIsBetter · · Score: 2, Funny

    It's already been fixed and the Debian team should be sending a patched version of samba to their repos for downstream distros either last night or some time today. Yeah, but how long before someone fixes that patch? 2 years?
    --
    Forget thrust, drag, lift and weight. Airplanes fly because of money.
  5. Re:buffer overrun .. by Anonymous Coward · · Score: 1, Funny

    Is it technically possible to design a system that is immune to buffer overruns or, by default, fails safe, as in not allowing any old code to walk all over the address space. Yes. It's called "OpenBSD".
  6. Re:More M$ Vulnerabilities by nog_lorp · · Score: 2, Funny

    http://smithii.com/samba.