Slashdot Mirror


Samba Hit By 'Highly Critical' Vulnerability

sawky puck writes "Researchers at Secunia have flagged a 'highly critical' vulnerability in Samba, the widely deployed open-source software for networked file sharing and printing. Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an 'smb://' link) or by sending specially crafted packets to an 'nmbd' server configured as a local or domain master browser. This issue affects both Samba client and server installations."


  1. buffer overrun .. by rs232 · Score: 2, Interesting

    "Boundary failure when parsing SMB responses can result in a buffer overrun"

    Does this apply to a particular CPU/MMU compiler combination or is it generic across all systems? Is it technically possible to design a system that is immune to buffer overruns or, by default, fails safe, as in not allowing any old code to walk all over the address space?

    --
    davecb5620@gmail.com
    1. Re:buffer overrun .. by Anonymous Coward · Score: 2, Interesting

      Possible? Yes. Possible without sacrificing all hopes of decent performance? Not as far as we know.

      For example, you could use your 64-bit address space and put /every single object ever/ in its own page, at 0xXXXXXXXX00000000. Trap pages all around. That ought to do the trick, but now your TLB's shot, and your ints are 4kb large.
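
The "own page, trap pages all around" idea from the comment above, as an added example that is not part of the original thread. It assumes a POSIX system with `mmap`; `guarded_alloc` and `overrun_signal` are hypothetical names, and the 64-byte buffer is constructed sample input.

```c
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS on glibc */
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: one object per mapping, with a PROT_NONE trap page
 * before and after it. The object is right-aligned so the first byte past
 * its end lies in the trailing trap page. Byte buffers only: this ignores
 * type alignment, and an underrun traps only at the leading trap page. */
static unsigned char *guarded_alloc(size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t body = (len + page - 1) / page * page;   /* round up to pages */
    unsigned char *base = mmap(NULL, body + 2 * page, PROT_NONE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED ||
        mprotect(base + page, body, PROT_READ | PROT_WRITE) != 0)
        return NULL;
    return base + page + body - len;
}

/* Write n bytes into a guarded cap-byte buffer inside a child process.
 * Returns 0 if all writes succeeded, the fatal signal if killed, else -1. */
static int overrun_signal(size_t cap, size_t n)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        signal(SIGSEGV, SIG_DFL);   /* make sure the fault is fatal */
        signal(SIGBUS, SIG_DFL);
        volatile unsigned char *buf = guarded_alloc(cap);
        if (!buf) _exit(2);
        for (size_t i = 0; i < n; i++)
            buf[i] = 'A';           /* constructed over-long copy */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    printf("64 bytes into 64: %d\n", overrun_signal(64, 64));
    printf("65 bytes into 64: %d\n", overrun_signal(64, 65));
    return 0;
}
```

Each guarded object costs at least three pages of address space and its own TLB entry, which is the performance cost the comment points at.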

    2. Re:buffer overrun .. by owlstead · Score: 2, Interesting

      "Does this apply to a particular CPU/MMU compiler combination or is it generic across all systems? Is it technically possible to design a system that is immune to buffer overruns or, by default, fails safe, as in not allowing any old code to walk all over the address space?"

      Yes, it's called managed code (Java/.NET) and yes, you can even design hardware that runs byte code. It will slightly hamper performance, but it has its advantages. Of course, the way it is currently done is to implement the JVM in software. That's ok though, you have such a small target running unsafe code that the number of buffer overruns is insignificant.

      When there is a problem, an exception is raised. But an exception is a basic component in the byte code and it just crashes that part of the system at worst. Obviously that does not mean you cannot create mistakes when using managed code, but they tend not to spread as far.

      Together with a good messaging system and/or immutable objects, you can create a heck of a safe system.

  2. how about this .. by rs232 · Score: 3, Interesting

    "There is the NX bit, but you'd have to know about how far the buffer can overrun"

    "we adapted the memory safety techniques from the SAFECode project .. This work makes the kernel immune to buffer overruns, dangling pointers, and other memory error vulnerabilities"

    --
    davecb5620@gmail.com