Samba developers quash serious bug
Vulns like this a relative rarity for the file-and-print software
IDG News Service - Users of the open-source Samba software are being urged to patch their code following the discovery of a critical bug in the file-and-print software.
The flaw is considered particularly worrisome for two reasons: It could be remotely exploited by an attacker to run unauthorized code on the Samba server, and there is no known workaround for it. Samba ships with Linux and Unix operating systems and is a popular way of allowing Windows clients to print and store files using a Linux or Unix machine.
It's been a few years since Samba has had to fix this kind of vulnerability, which is due to a coding error affecting the way Samba puts data into the computer's memory, said Samba developer Jeremy Allison. "This kind of bug is rare for us," he said Monday in an e-mail interview. "That's why we're embarrassed."
Still, there is no known exploit code for the problem, and even if there were, an attacker would first have to find a way to reach a Samba server via Microsoft's Remote Procedure Call (RPC) service, which is typically blocked by the firewall.
The flaw could give attackers a way to jump from a compromised Windows computer to a Samba server, said David Endler, director of security research at 3Com Corp.'s TippingPoint division, which first reported the flaw. "The real danger here is if an exploit is developed, it could be integrated into the latest botnet software," he said.
Endler added that he would be "surprised" if an exploit for the problem were not developed over the next few weeks.