Security update for Samba file server
The developers of Samba, the free SMB file and print server, have released a security update, version 3.2.7. According to the report, an authenticated user could enter an empty string as a share name and get access to the root directory of the server, even if it is not shared. When using an older Samba client, before version 3.0.28, the command
smbclient //server/ -U user%pass
is sufficient to gain access. The problem only affected servers where the option "registry shares = yes" is present. This option is implicitly turned on if "include = registry" or "config backend = registry" are set, but these are not the default settings.
The developers recommend that the new release or the patch be applied as soon as possible. The problem affects versions 3.2.0 through to version 3.2.6. Linux distributions are already making updated packages available.
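Whether a given server meets both conditions described above (a version from 3.2.0 to 3.2.6 and registry shares in effect) can be checked from its version string and smb.conf. The following is an added example, not part of the original article or of Samba: the function names, the sample configuration and the set of boolean spellings accepted as "yes" are assumptions.

```python
import re

AFFECTED = ((3, 2, 0), (3, 2, 6))    # affected range as stated in the article
TRUE_VALUES = {"yes", "true", "1"}   # assumption: spellings counted as "yes"
SAMPLE_CONF = """\
# constructed sample, not taken from a real server
[global]
   Config Backend = registry
[public]
   path = /srv/public
"""

def global_params(conf_text):
    """Return {normalised name: [values]} for the [global] section."""
    params, section = {}, "global"   # conservative: lines before any header count as global
    joined = re.sub(r"\\\r?\n", "", conf_text)   # trailing backslash continues a line
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            key = re.sub(r"\s+", "", name).lower()   # names ignore case and spaces
            params.setdefault(key, []).append(value.strip().lower())
    return params

def registry_shares_active(params):
    """Name the setting that turns registry shares on, or None."""
    # The implicit triggers are reported whatever "registry shares" itself says.
    if "registry" in params.get("configbackend", []):
        return "config backend = registry"
    if "registry" in params.get("include", []):
        return "include = registry"
    explicit = params.get("registryshares", [])
    if explicit and explicit[-1] in TRUE_VALUES:     # last assignment wins
        return "registry shares = yes"
    return None

def needs_update(version, conf_text):
    """Return (exposed, trigger) for a version string and smb.conf text."""
    ver = tuple(int(p) for p in re.search(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    trigger = registry_shares_active(global_params(conf_text))
    return (AFFECTED[0] <= ver <= AFFECTED[1] and trigger is not None), trigger

if __name__ == "__main__":
    print(needs_update("3.2.6", SAMPLE_CONF))
```
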
See Also:
- CVE-2009-0022: Potential access to "/" in setups with registry shares enabled, the developers' bug report.
(djwm)