In association with heise online

18 May 2010, 15:01

Samba update fixes DoS vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Samba Logo Released last week, version 3.4.8 of the free Samba file and print server fixes various holes including two denial of service (DoS) vulnerabilities which allow attackers to remotely crash the Smbd service. One of the problems is caused by a null pointer dereference when processing a certain series of SMB headers that include a specific combination of flags. The other hole involves an uninitialised variable read when processing specially crafted "Session Setup AndX" requests with flawed Security Binary Large Object (security blob) length values.

Both flaws were already fixed in April In version 3.5.2. Users are advised to install one of the new versions as soon as possible because security firm Stratsec, which discovered the holes, released some relevant the same time as the details of the vulnerability.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit