ARN

Samba developers quash serious bug

Samba developers have fixed a critical bug in their popular Linux file-and-print software.
Robert McMillan (IDG News Service) 15 May, 2007 10:05:09

Users of the open-source Samba software are being urged to patch their code following the discovery of a critical bug in the file-and-print software.

The bug is one of three vulnerabilities that were patched Monday by the Samba team in the Samba 3.0.25 release.

The flaw is considered to be particularly worrisome for two reasons: It could be remotely exploited by an attacker to run unauthorized code on the Samba server and there is no known work-around for the flaw. Samba ships with Linux and Unix operating systems and is a popular way of allowing Windows clients to print and store files using a Linux or Unix machine.

It's been a few years since Samba has had to fix this kind of vulnerability, which is due to a coding error affecting the way Samba puts data into the computer's memory, said Samba developer Jeremy Allison. "This kind of bug is rare for us," he said Monday in an e-mail interview. "That's why we're embarrassed."

Still, there is no known exploit code for the problem, and even if there were, an attacker would first have to find a way to reach a Samba server via Microsoft's Remote Procedure Call (RPC) service, which is typically blocked by the firewall.

The flaw could give attackers a way to jump from a compromised Windows computer to a Samba server, said David Endler, director of security research at 3Com's TippingPoint division, which first reported the flaw. "The real danger here is if an exploit is developed, it could be integrated into the latest botnet software," he said.

Endler added that he would be "surprised" if an exploit for the problem were not developed over the next few weeks.
