Un-patched Servers Running Samba At Risk

Discussion in 'other security issues & news' started by FanJ, Apr 9, 2003.

Thread Status:
Not open for further replies.
FanJ (Guest):

From the Kaspersky Newsletter:

Un-patched Servers Running Samba At Risk

This most recent problem makes it possible for attackers to waltz on into Internet-connected servers running Samba.

Samba Team's open source group's Samba software is a widely used program enabling the sharing of Windows files between Unix and Linux systems.

The security problem could easily let an attacker compromise any Samba server connected to the Internet. The Samba Team reports, "The vulnerability, if exploited correctly, leads to an anonymous user gaining root access on a Samba serving system. All versions of Samba up to and including Samba 2.2.8 are vulnerable. An active exploit of the bug has been reported in the wild. Alpha versions of Samba 3.0 and above are NOT vulnerable."

Jeremy Allison, co-author of Samba and a Samba Team leader, explained that the flaw "has been in the code for seven or eight years."

The security risk was detected by the security firm Digital Defense and is already being exploited by hackers to break into vulnerable servers. Both Digital Defense and the Samba Team urge users to check their servers and to apply the necessary update or patch. Interestingly, Digital Defense found the vulnerability when a file server the company was monitoring happened to be hacked via the exploit. The company found the vulnerability by reverse-engineering using network data. Digital Defense warned that Samba software that runs on Linux distributions, as well as on FreeBSD and Sun Microsystems' Solaris, is also affected.

The patch and Samba updates are available for download from the Samba website: