The development team behind Samba, a tool used to connect Windows and Linux servers, has issued a security advisory warning of a serious flaw that could allow an attacker to remotely gain root user privileges on systems supporting
Update your Samba to one of the new versions, if you can. If you can’t upgrade because your Linux is embedded, seriously consider replacing your device; yes, this is that bad.
Nicholas Percoco, senior vice president, Trustwave SpiderLabs
The Samba vulnerability, which affects version 3.6.3 and earlier, has been repaired in a Samba security update, issued Tuesday. Samba is used to integrate file transfer and print capabilities in Unix and Linux systems so they can interoperate with Microsoft Windows environments.
The issue stems from an error in the code generator for Samba’s remote procedure call (RPC), which handles communication over a network. The flaw makes it possible for an attacker to use malicious RPC calls to cause the server to execute arbitrary code.
“As this does not require an authenticated connection, it is the most serious vulnerability possible in a program, and users and vendors are encouraged to patch their Samba installations immediately,” the Samba developers said in a vulnerability advisory accompanying the update. Due to the seriousness of this vulnerability, patches have been released for all Samba versions currently out of support and maintenance from 3.0.37 onwards.”
The problem is widespread because Samba is supported practically everywhere Linux is in use, said Nicholas Percoco, senior vice president and head of Trustwave SpiderLabs. In a blog entry, Percoco said a “high quality” proof-of-concept has been released making it easy for an attacker to target the vulnerability.
“Update your Samba to one of the new versions, if you can. If you can’t upgrade because your Linux is embedded, seriously consider replacing your device; yes, this is that bad,” Percoco wrote. “If your servers are in production and can’t risk the update right now, then edit your ‘hosts allow’ parameter inside smb.conf to restrict access. Editing SMB.CONF should not be seen as a complete fix, but only as a way to help mitigate an attack.”