Security updates for Samba
The developers of the free file and print server Samba have released versions 3.0.35, 3.2.13 and 3.3.6 to address two vulnerabilities, one in the smbclient and one in the server. The smbclient tool has a format string vulnerability which can be triggered when the put command is used with malicious file names. In rare cases this could lead to the execution of unwanted code in Samba versions 3.0.31 to 3.3.5.
The server vulnerability can be found in smbd version 3.2.0 and 3.2.12 and allows the unauthorised change of permissions of a writeable file. The problem in this case is caused by missing initialisation for certain data. In addition to the new versions, there are patches for 3.35, for 3.2.12's smbclient, for 3.2.12's smbd and for 3.0.34.
See also:
- Formatstring vulnerability in smbclient, Samba advisory.
- Uninitialized read of a data value, Samba advisory.
(djwm)