In association with heise online

25 June 2009, 11:40

Security updates for Samba

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The developers of the free file and print server Samba have released versions 3.0.35, 3.2.13 and 3.3.6 to address two vulnerabilities, one in the smbclient and one in the server. The smbclient tool has a format string vulnerability which can be triggered when the put command is used with malicious file names. In rare cases this could lead to the execution of unwanted code in Samba versions 3.0.31 to 3.3.5.

The server vulnerability can be found in smbd version 3.2.0 and 3.2.12 and allows the unauthorised change of permissions of a writeable file. The problem in this case is caused by missing initialisation for certain data. In addition to the new versions, there are patches for 3.35, for 3.2.12's smbclient, for 3.2.12's smbd and for 3.0.34.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit