
Dangerous Samba vulnerability affects all Linux systems

Robert Westervelt, News Director

The development team behind Samba, a tool used to connect Windows and Linux servers, has issued a security advisory warning of a serious flaw that could allow an attacker to remotely gain root user privileges on systems supporting the open source software package.


The Samba vulnerability, which affects version 3.6.3 and earlier, has been repaired in a Samba security update, issued Tuesday. Samba is used to integrate file transfer and print capabilities in Unix and Linux systems so they can interoperate with Microsoft Windows environments.   

The issue stems from an error in the code generator for Samba’s remote procedure call (RPC), which handles communication over a network. The flaw makes it possible for an attacker to use malicious RPC calls to cause the server to execute arbitrary code.

“As this does not require an authenticated connection, it is the most serious vulnerability possible in a program, and users and vendors are encouraged to patch their Samba installations immediately,” the Samba developers said in a vulnerability advisory accompanying the update. “Due to the seriousness of this vulnerability, patches have been released for all Samba versions currently out of support and maintenance from 3.0.37 onwards.”

The problem is widespread because Samba is supported practically everywhere Linux is in use, said Nicholas Percoco, senior vice president and head of Trustwave SpiderLabs. In a blog entry, Percoco said a “high quality” proof-of-concept has been released making it easy for an attacker to target the vulnerability.

“Update your Samba to one of the new versions, if you can. If you can’t upgrade because your Linux is embedded, seriously consider replacing your device; yes, this is that bad,” Percoco wrote. “If your servers are in production and can’t risk the update right now, then edit your ‘hosts allow’ parameter inside smb.conf to restrict access. Editing SMB.CONF should not be seen as a complete fix, but only as a way to help mitigate an attack.”
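The following is an added example, not part of the original article or of Samba's own tooling: a small Python check that reports whether the [global] section of an smb.conf carries the 'hosts allow' restriction Percoco describes. The sample configurations and addresses are constructed, and treating ALL or 0.0.0.0/0 as unrestricted is an assumption of this sketch.

```python
import re

# Constructed sample configs for illustration (not from the article).
OPEN_CONF = """[global]
   workgroup = EXAMPLE
;  hosts allow = 192.0.2.
[public]
   path = /srv/public
"""
LIMITED_CONF = """[Global]
   Hosts Allow = 127. 192.0.2.0/24 \\
                 198.51.100.7
"""

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {parameter: value}} using smb.conf line rules."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in ";#":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(_norm(line[1:-1]), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)  # only the first '=' separates
            current[_norm(name)] = value.strip()
    return sections

def audit_hosts_allow(text):
    """Return (restricted, entries) for the [global] 'hosts allow' list."""
    glob = parse_smb_conf(text).get("global", {})
    # 'allow hosts' is a synonym for 'hosts allow'.
    value = glob.get("hostsallow", glob.get("allowhosts", ""))
    entries = [e for e in re.split(r"[,\s]+", value) if e]
    # Assumption of this sketch: ALL or 0.0.0.0/0 counts as unrestricted.
    wide = any(e.upper() == "ALL" or e == "0.0.0.0/0" for e in entries)
    return (bool(entries) and not wide), entries

if __name__ == "__main__":
    for label, conf in (("open", OPEN_CONF), ("limited", LIMITED_CONF)):
        ok, entries = audit_hosts_allow(conf)
        print(label, "restricted" if ok else "UNRESTRICTED", entries)
```

A "restricted" result only shows that the mitigation is configured; the commented-out line in the first sample is correctly ignored, so that host is still reported as open to any client.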

