Windows file sharing under Mac OS X vulnerable
Most Mac users are not aware that "Windows Sharing" under Mac OS X is also affected by the recent critical security vulnerabilities discovered in the open-source Samba server . Unlike Linux distributors such as Ubuntu and Redhat, Apple has not yet made an update available.
The current version 10.4.9 of the Apple operating system runs with Samba 3.0.10 for file and printer sharing in Windows networks. The vulnerabilities, which might allow the attacker to remotely smuggle malicious code into the system or locally obtain root privilege, can be found however in all Samba versions starting with 3.0.0 up to and including 3.0.25rc3. The Samba developers have eliminated them starting with version 3.0.25.
Windows Sharing is not enabled by default on OS X. Only those who have ticked "Windows Sharing" in the system settings under Sharing/Services, are affected by the problems. Until Apple releases a fault-free Samba version, it is recommended to start the service only when required. Those who are operational in untrustworthy networks should make sure that the service is turned off.
- Samba 3.0.25 fixes multiple security vulnerabilities, report on heise Security