Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samba Hit By 'Highly Critical' Vulnerability

Posted by timothy on from the because-people-are-bad dept.

sawky puck writes "Researchers at Secunia have flagged a 'highly critical' vulnerability in Samba, the widely deployed open-source software for networked file sharing and printing. Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an 'smb://' link) or by sending specially crafted packets to an 'nmbd' server configured as a local or domain master browser. This issue affects both Samba client and server installations."

3 of 70 comments (clear)

  1. Oh jeez by blackjackshellac · · Score: 5, Funny

    I guess I better take all of my samba servers off the internet!

    <snark/>

    --
    Salut,

    Jacques

  2. Re:buffer overrun .. by kvezach · · Score: 5, Informative

    Not in general. Straightforward "execute what you want" buffer overruns can be thwarted by using no-execute; however, this doesn't stop the overrun from overwriting data so that the right functions will have the wrong input and thus do what the exploit writer wants. So-called return-to-libc attacks (where the exploit writer rearranges the stack so that it calls prexisting functions with interesting parameters) can be made very hard to pull off with address space randomization, but that doesn't help on architectures with 32-bit or lesser size pointers.

    Radical virtualization might mitigate the effects so that the bugs are irrelevant (as would a capabilities based system where, even if you do smash the stack, there's nothing interesting you can do with the privileges gained), but that's not stopping the buffer overruns themselves, just making them moot.

  3. This is why we have SELinux by FranTaylor · · Score: 5, Informative

    "Arbitrary" code will see lots of 'permission denied' errors as it tries to do evil.