Samba Hit By 'Highly Critical' Vulnerability

sawky puck writes "Researchers at Secunia have flagged a 'highly critical' vulnerability in Samba, the widely deployed open-source software for networked file sharing and printing. Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an 'smb://' link) or by sending specially crafted packets to an 'nmbd' server configured as a local or domain master browser. This issue affects both Samba client and server installations."

  • buffer overrun .. (Score:3, Interesting)

    by rs232 ( 849320 ) on Thursday May 29, 2008 @04:02PM (#23591175)
    "Boundary failure when parsing SMB responses can result in a buffer overrun [samba.org]"

    Does this apply to a particular CPU/MMU compiler combination or is it generic across all systems? Is it technically possible to design a system that is immune to buffer overruns or, by default, fails safe, as in not allowing any old code to walk all over the address space?
  • Re:buffer overrun .. (Score:2, Interesting)

    by Anonymous Coward on Thursday May 29, 2008 @04:24PM (#23591543)
    Possible? Yes. Possible without sacrificing all hopes of decent performance? Not as far as we know.

    For example, you could use your 64-bit address space and put /every single object ever/ in its own page, at 0xXXXXXXXX00000000. Trap pages all around. That ought to do the trick, but now your TLB's shot, and your ints are 4kb large.
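The trap-page idea from the comment above, as an added example that is not part of the original thread: a POSIX C sketch that right-aligns one object against a `PROT_NONE` page so the first out-of-bounds write faults instead of corrupting a neighbour. The function name `write_traps` and the fill byte are assumptions made for illustration; only the page after the object is guarded here, so underruns are not caught.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf trap_env;
static void on_fault(int sig) { (void)sig; siglongjmp(trap_env, 1); }

/* Hypothetical helper: write n bytes into a size-byte object whose last byte
 * sits directly before an inaccessible trap page.
 * Returns 0 if every write landed, 1 if the trap page stopped an overrun,
 * -1 if the mapping could not be set up. */
int write_traps(size_t size, size_t n)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data = (size + page - 1) / page * page;   /* object pages, rounded up */
    unsigned char *base = mmap(NULL, data + page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    if (mprotect(base + data, page, PROT_NONE) != 0) { /* the trap page */
        munmap(base, data + page);
        return -1;
    }
    /* Right-align the object so byte [size] is the first byte of the trap page. */
    volatile unsigned char *obj = base + data - size;

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* some systems report SIGBUS instead */

    volatile int trapped = 0;
    if (sigsetjmp(trap_env, 1) == 0) {
        for (size_t i = 0; i < n; i++)
            obj[i] = 0x41;              /* faults as soon as i == size */
    } else {
        trapped = 1;                    /* the MMU caught the out-of-bounds write */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(base, data + page);
    return trapped;
}
```

Every object costs at least two pages of address space and its own TLB entries, which is the performance cost the comment points at.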
  • how about this .. (Score:4, Interesting)

    by rs232 ( 849320 ) on Thursday May 29, 2008 @04:29PM (#23591615)
    "There is the NX bit, but you'd have to know about how far the buffer can overrun"

    "we adapted the memory safety techniques from the SAFECode project .. This work makes the kernel immune to buffer overruns [uiuc.edu], dangling pointers, and other memory error vulnerabilities"
  • Re:buffer overrun .. (Score:3, Interesting)

    by owlstead ( 636356 ) on Thursday May 29, 2008 @07:35PM (#23593985)
    "Does this apply to a particular CPU/MMU compiler combination or is it generic across all systems? Is it technically possible to design a system that is immune to buffer overruns or, by default, fails safe, as in not allowing any old code to walk all over the address space?"

    Yes, it's called managed code (Java/.NET) and yes, you can even design hardware that runs byte code. It will slightly hamper performance, but it has its advantages. Of course, the way it is currently done is to implement the JVM in software. That's ok though, you have such a small target running unsafe code that the number of buffer overruns is insignificant.

    When there is a problem, an exception is raised. But an exception is a basic component in the byte code and it just crashes that part of the system at worst. Obviously that does not mean you cannot create mistakes when using managed code, but they tend not to spread as far.

    Together with a good messaging system and/or immutable objects, you can create a heck of a safe system.
