FanJ
April 9th, 2003, 09:16 AM
From the Kaspersky Newsletter:
[hr]
Un-patched Servers Running Samba At Risk
This most recent problem makes it possible for attackers to waltz on
into Internet-connected servers running Samba.
Samba Team's open source group's Samba software is a widely used program
enabling the sharing of Windows files between Unix and Linux systems.
The security problem could easily let an attacker compromise any Samba
server connected to the internet. The Samba Team reports, "The
vulnerability, if exploited correctly, leads to an anonymous user
gaining root access on a Samba serving system. All versions of Samba up
to and including Samba 2.2.8 are vulnerable. An active exploit of the
bug has been reported in the wild. Alpha versions of Samba 3.0 and above
are NOT vulnerable."
Jeremy Allison, co-author of Samba and a Samba Team leader, explained
that the flaw "has been in the code for seven or eight years."
The security risk was detected by the security firm Digital Defense and
is already being exploited by hackers to break into vulnerable servers.
Both Digital Defense and the Samba Team urge users to check their
servers and to apply the necessary update or patch. Interestingly,
Digital Defense found the vulnerability when a file server the company
was monitoring happened to be hacked via the exploit. The company found
the vulnerability by reverse-engineering using network data. Digital
Defense warned that Samba software that runs on Linux distributions as
well as FreeBSD and Sun Microsystems' Solaris is also affected.
The patch and Samba updates are available for download from the Samba website:
http://us1.samba.org/samba/samba.html
[hr]
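Added here as an illustration, not code from the newsletter or the Samba project: a small inventory check that applies the affected-version range quoted above ("up to and including Samba 2.2.8", 3.0 alphas not affected) to `smbd -V` style banners. The host names and banners are constructed sample data, and treating a lettered 2.2.8 re-release as undetermined is my assumption, since the advisory text does not cover it.

```python
import re

# Constructed sample data, not a real inventory: host -> first line of `smbd -V`.
SAMPLE_INVENTORY = {
    "fileserver-1": "Version 2.2.8",
    "fileserver-2": "Version 2.2.7a",
    "build-box": "Version 3.0alpha20",
    "legacy-nas": "Version 2.0.10",
    "unknown-box": "smbd: command not found",
}

# major.minor[.patch][suffix], e.g. "2.2.8", "2.2.7a", "3.0alpha20"
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?([a-z]+\d*)?")
LAST_AFFECTED = (2, 2, 8)  # "up to and including Samba 2.2.8" per the advisory


def parse_samba_version(text):
    """Return (major, minor, patch, suffix) from a banner, or None if no version is found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    return int(major), int(minor), int(patch or 0), (suffix or "")


def is_affected(text):
    """True if the version is in the advisory's affected range, False if not,
    None if the banner is unparseable or the advisory does not settle the case."""
    parsed = parse_samba_version(text)
    if parsed is None:
        return None
    major, minor, patch, suffix = parsed
    numeric = (major, minor, patch)
    if numeric == LAST_AFFECTED and suffix:
        # Assumption: a lettered re-release of 2.2.8 is not described by the
        # advisory text above, so do not guess; report it for manual review.
        return None
    return numeric <= LAST_AFFECTED


def triage(inventory):
    """Split an inventory into affected, clear and undetermined host lists."""
    result = {"affected": [], "clear": [], "undetermined": []}
    for host, banner in sorted(inventory.items()):
        verdict = is_affected(banner)
        bucket = "undetermined" if verdict is None else ("affected" if verdict else "clear")
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```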