Samba Hit By 'Highly Critical' Vulnerability

Samba Hit By 'Highly Critical' Vulnerability 70

Posted by timothy on Thursday May 29, 2008 @03:32PM from the because-people-are-bad dept.

sawky puck writes "Researchers at Secunia have flagged a 'highly critical' vulnerability in Samba, the widely deployed open-source software for networked file sharing and printing. Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an 'smb://' link) or by sending specially crafted packets to an 'nmbd' server configured as a local or domain master browser. This issue affects both Samba client and server installations."

Samba Hit By 'Highly Critical' Vulnerability

This discussion has been archived. No new comments can be posted.

Search 70 Comments Log In/Create an Account

Comments Filter:

Oh jeez (Score:5, Funny)

by blackjackshellac ( 849713 ) writes: on Thursday May 29, 2008 @03:42PM (#23590861)

I guess I better take all of my samba servers off the internet!

<snark/>

Vulnerability? And how! (Score:1, Funny)

by Applekid ( 993327 ) writes: on Thursday May 29, 2008 @03:47PM (#23590949)

I sure know I have a highly critical vulnerability to a pretty Brazillian lady doing the Samba, eh gents?

Re:Oh jeez (Score:5, Funny)

by value_added ( 719364 ) writes: on Thursday May 29, 2008 @04:19PM (#23591461)

I'll check them for you, free of charge... what did you say their IPs were? :)

My guess is that most of his servers are in the 10/8 or 192.168/16 ranges. Run an nmap scan on those netblocks and I'll bet you'll find something. While you're at it, be sure to check out 127.0.0.1 for any "hidden" servers.

Re:Oh jeez (Score:1, Funny)

by Anonymous Coward writes: on Thursday May 29, 2008 @04:37PM (#23591749)

Hah! I've got you now, you idi

Re:buffer overrun .. (Score:5, Funny)

by kestasjk ( 933987 ) writes: on Thursday May 29, 2008 @04:55PM (#23592011) Homepage

Is it technically possible to design a system that is immune to buffer overruns or, by default, fails safe, as in not allowing any old code to walk all over the address space.
Microsoft labs are working on a solution that'll work like this: "The program you are using wants to write 0x0a83d9ed to the stack at address 0x912dfe31. Confirm or Deny?"

Re:Already Patched (Score:3, Funny)

by BiggerIsBetter ( 682164 ) writes: on Thursday May 29, 2008 @06:34PM (#23593271)

It's already been fixed and the Debian team should be sending a patched version of samba to their repos for downstream distros either last night or some time today.
Yeah, but how long before someone fixes that patch? 2 years?

Re:buffer overrun .. (Score:1, Funny)

by Anonymous Coward writes: on Thursday May 29, 2008 @06:37PM (#23593319)

Is it technically possible to design a system that is immune to buffer overruns or, by default, fails safe, as in not allowing any old code to walk all over the address space.
Yes. It's called "OpenBSD".

Re:More M$ Vulnerabilities (Score:3, Funny)

by nog_lorp ( 896553 ) writes: on Friday May 30, 2008 @01:09AM (#23596331)

http://smithii.com/samba [smithii.com].

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Samba Hit By 'Highly Critical' Vulnerability 70

Samba Hit By 'Highly Critical' Vulnerability More Login

Samba Hit By 'Highly Critical' Vulnerability

Oh jeez (Score:5, Funny)

Vulnerability? And how! (Score:1, Funny)

Re:Oh jeez (Score:5, Funny)

Re:Oh jeez (Score:1, Funny)

Re:buffer overrun .. (Score:5, Funny)

Re:Already Patched (Score:3, Funny)

Re:buffer overrun .. (Score:1, Funny)

Re:More M$ Vulnerabilities (Score:3, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot