In association with heise online

02 October 2009, 11:05

Vulnerabilities in Samba file and printer server plugged

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The development team behind open source file and print server Samba have released versions 3.0.37, 3.2.15, 3.3.8 and 3.4.2. They fix three vulnerabilities which attackers could exploit to access data or disable the server. In addition to the new versions, source code patches are also available.

According to a report, merely sending an unexpected 'Oplock break notification' was sufficient for a client to send the smbd service into an endless loop, disabling the server. This case should not arise under normal circumstances and, according to the developers, the server accepts the relevant packets only where the attacker has already been authenticated.

Where a user's home directory in the /etc/passwd file is blank, it may also be possible to break out of the defined root directory. Attackers could exploit this to access arbitrary files on the server.

A bug when checking access rights in the mount.cifs client application results in parts of the content of credential files being disclosed to other users. Credential files allow login details for automatic mounts to be swapped out, thus avoiding having them in the publicly viewable /etc/fstab file.

See also


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit