Security update for Samba file server
The developers of Samba, the free SMB file and print server, have released a security update, version 3.2.7. According to the report, an authenticated user could enter an empty string as a share name and gain access to the root directory of the server, even if it is not shared. With an older Samba client, before version 3.0.28, the command
smbclient //server/ -U user%pass
is sufficient to gain access. The problem only affected servers where the option registry shares = yes is present. This option is implicitly turned on if include = registry or config backend=registry is set, but these are not the default settings.
The developers recommend that the new release or the patch be applied as soon as possible. The problem affects versions 3.2.0 through to version 3.2.6. Linux distributions are already making updated packages available.
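To triage a server against the two conditions above (an affected version and registry shares turned on explicitly or implicitly), the following added example checks a version string and the text of an smb.conf file. It is not code from the Samba project; the function names and the sample configuration are constructed for illustration, and only the [global] section of a single file is examined.

```python
import re

AFFECTED_RANGE = ((3, 2, 0), (3, 2, 6))   # versions named in the article
TRUE_VALUES = {"yes", "true", "on", "1"}  # spellings treated here as boolean true

def global_params(conf_text):
    """Collect [global] parameters; each name maps to its values in file order."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)     # only the first '=' is significant
            key = re.sub(r"\s+", "", name).lower()   # case and spaces in names are ignored
            params.setdefault(key, []).append(value.strip().lower())
    return params

def registry_triggers(conf_text):
    """Return the settings named in the article that turn registry shares on."""
    p, found = global_params(conf_text), []
    if p.get("registryshares", ["no"])[-1] in TRUE_VALUES:   # last assignment wins
        found.append("registry shares = yes")
    if "registry" in p.get("include", []):
        found.append("include = registry")
    if p.get("configbackend", ["file"])[-1] == "registry":
        found.append("config backend = registry")
    return found

def version_affected(version_text):
    """True if the text (for example 'Version 3.2.5') falls in 3.2.0 to 3.2.6."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError("no x.y.z version in %r" % version_text)
    return AFFECTED_RANGE[0] <= tuple(int(n) for n in m.groups()) <= AFFECTED_RANGE[1]

def exposed(version_text, conf_text):
    return version_affected(version_text) and bool(registry_triggers(conf_text))

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """
[global]
   ; registry shares = yes
   Config Backend = registry
"""
if __name__ == "__main__":
    print(registry_triggers(SAMPLE_CONF), exposed("Version 3.2.5", SAMPLE_CONF))
```

A distribution package may carry the patch under an unchanged upstream version number, so a version match is a reason to check the package changelog, not proof of exposure.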
- CVE-2009-0022: Potential access to "/" in setups with registry shares enabled, the developers' bug report.