In association with heise online

06 January 2009, 11:50

Security update for Samba file server


The developers of the free SMB file and print server Samba have released a security update, version 3.2.7. According to the report, an authenticated user could enter an empty string as a share name and gain access to the root directory of the server, even if it is not shared. With an older Samba client, before version 3.0.28, the command

    smbclient //server/ -U user%pass

is sufficient to gain access. The problem only affects servers where the option registry shares = yes is set. This option is implicitly turned on if include = registry or config backend = registry is set, but these are not the default settings.

The developers recommend that the new release or the patch be applied as soon as possible. The problem affects versions 3.2.0 through to version 3.2.6. Linux distributions are already making updated packages available.
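An administrator can check a server against the conditions described above with a short script. The following is an added example, not code from the Samba project or the original article; the function names and the sample configuration are hypothetical, and it assumes the relevant settings appear in the [global] section of smb.conf.

```python
import re

AFFECTED_MIN, AFFECTED_MAX = (3, 2, 0), (3, 2, 6)  # range stated in the article
TRUE_VALUES = {"yes", "true", "1"}

def global_params(conf_text):
    """Map each [global] parameter (lower-cased, whitespace removed) to its values."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            key = re.sub(r"\s+", "", name).lower()
            params.setdefault(key, []).append(value.strip().lower())
    return params

def registry_share_reasons(conf_text):
    """List the settings that switch registry shares on, explicitly or implicitly."""
    p = global_params(conf_text)
    reasons = []
    if p.get("registryshares", ["no"])[-1] in TRUE_VALUES:
        reasons.append("registry shares = yes")
    if "registry" in p.get("include", []):
        reasons.append("include = registry")
    if "registry" in p.get("configbackend", []):
        reasons.append("config backend = registry")
    return reasons

def version_affected(version):
    """True for Samba 3.2.0 through 3.2.6."""
    parts = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return len(parts) == 3 and AFFECTED_MIN <= parts <= AFFECTED_MAX

def needs_update(version, conf_text):
    return version_affected(version) and bool(registry_share_reasons(conf_text))

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """
[global]
   Config Backend = registry
[data]
   path = /srv/data
"""
if __name__ == "__main__":
    print(needs_update("3.2.5", SAMPLE_CONF), registry_share_reasons(SAMPLE_CONF))
```

A server that reports a version in the affected range is flagged only when one of the three settings is present, which matches the article's point that default configurations are not affected.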
