Security update for Samba 3.5 - Update
The Samba developers have released version 3.5.5 of Samba, a security update that addresses a buffer overrun vulnerability in their open source file and print server software. According to the developers, the vulnerability affects the
sid_parse() function and the related
dom_sid_parse() function which do not correctly check their input lengths when reading binary versions of a Windows Security ID (SID); a file share connection – authenticated or unauthenticated – is needed to exploit the issue.
Versions 3.0.x to 3.5.x are all reportedly affected by the vulnerability. All users are encouraged to update as soon as possible. The Ubuntu developers have already patched their the versions Samba in Ubuntu 6.06 LTS to 10.04 LTS.
More information about Samba 3.5.5 can be found in the release notes. Samba 3.5.5 is available to download (direct download) from the project's site; Samba 3.3.15 and 3.4.9 have also been released. Alternatively, patches are available from the Samba Security Releases page for version 3.3.13, 3.4.8 and 3.5.4. Samba is licensed under the GPL.
Update - It is unclear whether the vulnerability can be exploited to compromise a server. The Metasploit developer HD Moore is looking into creating an exploit, but according to his comments on Twitter a successful attack would have to have quota support turned on and the attacker would need the credentials of a valid admin user. Even with these caveats, the server fails to crash.
Administrators are still advised to update as soon as possible. Problems will arise, however, for owners of devices with embedded Linux wanting to perform an update. These devices often have Samba working as a file server, a configuration often found in NAS (network attached storage) devices or in some routers. These users will have to hope that their device manufacturers will offer a firmware update.
- Buffer Overrun Vulnerability, security advisory from Samba.