Samba 3.0.25 fixes multiple security vulnerabilities
The developers of the open source Samba server have, with the latest version 3.0.25, fixed multiple vulnerabilities, some of which could be exploited by attackers to execute arbitrary malicious code on the server. The Samba developers have also released patches for the previous version.
One of the vulnerabilities fixed permitted an attacker to execute arbitrary code in a shell, as Samba failed to filter user entries received via MS-RPC and passed these to the /bin/sh command line interpreter on calling scripts executed in the smb.conf. In addition, crafted MS-RPC calls could cause a buffer overflow, allowing execution of injected malicious code. A further security vulnerability affected the translation of Windows SIDs in local user accounts. Under certain unspecified circumstances, translation could fail resulting in the user acquiring root privileges.
The bugs affect Samba version 3.0.0 to 3.0.25rc3. The translation errors affect versions 3.0.23d to 3.0.25pre2. The developers have fixed the problems in the newly released version 3.0.25.
- Announcing Samba version 3.0.25
- Remote Command Injection Vulnerability, security announcement from the Samba developers
- Multiple Heap Overflows Allow Remote Code Execution, security announcement from the Samba developers
- Local SID/Name translation bug can result in user privilege elevation, security announcement from the Samba developers