Samba developers quash serious bug
Vulns like this a relative rarity for the file-and-print software
IDG News Service - Users of the open-source Samba software are being urged to patch their code following the discovery of a critical bug in the file-and-print software.
The flaw is considered particularly worrisome for two reasons: It could be remotely exploited by an attacker to run unauthorized code on the Samba server, and there is no known workaround. Samba ships with Linux and Unix operating systems and is a popular way of allowing Windows clients to print and store files using a Linux or Unix machine.
It's been a few years since Samba has had to fix this kind of vulnerability, which is due to a coding error affecting the way Samba puts data into the computer's memory, said Samba developer Jeremy Allison. "This kind of bug is rare for us," he said Monday in an e-mail interview. "That's why we're embarrassed."
Still, there is no known exploit code for the problem, and even if there were, an attacker would first have to find a way to reach a Samba server via Microsoft's Remote Procedure Call (RPC) service, which is typically blocked by the firewall.
The flaw could give attackers a way to jump from a compromised Windows computer to a Samba server, said David Endler, director of security research at 3Com Corp.'s TippingPoint division, which first reported the flaw. "The real danger here is if an exploit is developed, it could be integrated into the latest botnet software," he said.
Endler added that he would be "surprised" if an exploit for the problem were not developed over the next few weeks.