ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Application development Toolkit

Samba flaw opens up root access attack

John McCormick

Published: 07 Apr 2003 09:49 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The SuSE Security Audit Team has reported that a vulnerability in the Samba suite -- which provides SMB-based file and printer sharing on many Linux and Unix systems -- can open up a system to a remote attack resulting in complete compromise of the system by giving the attacker "root" privileges.

Details

A ZDNet UK story on this vulnerability included a note from the co-author of Samba, Jeremy Allison, saying that the new version of Samba was rushed out because, "We know of one site that may have been compromised by this."

The Samba.org notice on this flaw reports that the newest version of Samba fixes this problem by adding "explicit over-run and overflow checks on fragment re-assembly of SMB/CIFS packets," which addresses this vulnerability.

A Debian GNU/Linux Security notice, DSA-262-1, says that the threats include:

  • "A buffer overflow in the SMB/CIFS packet fragment re-assembly code used by smbd. Since smbd runs as root, an attacker can use this to gain root access to a machine running smbd.
  • "The code to write reg files was vulnerable for a chown race [chown is the Linux change ownership command], which made it possible for a local user to overwrite system files."

Mitre vulnerability candidate number CAN-2003-0085 describes the flaw as "a buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8 allows remote attackers to execute arbitrary code."

Mitre vulnerability candidate CAN-2003-0086 is a reg file vulnerability that "allows local users to overwrite arbitrary files via a race condition involving chown" in older Samba versions.

Applicability

Samba 2.0.x to 2.2.7a all include this vulnerability. CERT Vulnerability Note VU#298233 lists a number of vendor products that are vulnerable to this Samba flaw and states that Openwall GNU/*/Linux, Fujitsu, and Ingrian products are not vulnerable.

Apple's advisory on this problem says, "Samba is not enabled by default with Mac OS X and Mac OS X Server." Apple says that it does have plans to issue a patch for version 10.2.4.

Risk level--serious

Because this flaw can result in root (administrator) access and can be exploited remotely, it needs to be taken very seriously by administrators who have Samba running on their networks.

Fix

The Samba team recommends that users immediately upgrade to version 2.2.8. The source code is located at download.samba.org/samba/ftp/ in samba-2.2.8.tar.gz or samba-2.2.8.tar.bz2. When available, binary packages will be posted at download.samba.org/samba/ftp/Binary_Packages/. Alternatively, managers can simply block access to TCP ports 139 and 445.

Next

Previous

1 2


  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
140 out of 274 people found this useful


Full Talkback thread

0 comments

Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

Principle Analyst, Oil Demand Senior Hire - 90,000

As a principle analyst, your responsibility is to deliver exceptional quality analysis and insight to your prestigious clients. Respond to this ...

SAP BW Business Analyst / SAP BI Business Analyst - Global Manufacturer

You will be part of the BI Competency Centre, a global department within my clients IS function, that takes responsibility for all SAP BI projects ...

PHP developer (West Mids)

Candidates need to be solutions driven and poses the ability to recognise and solve incompatibility issues and bugs. The successful applicant would ...

Discussions

dogStar dogStar

Shake those Monkeys!

Friday 25 July 2008, 9:51 AM

1 comment
Freddyoky Freddyoky

Police And The Internet

Friday 25 July 2008, 8:32 AM

4 comments

Featured Talkback

The fact is: Software developers today are really designers and not coders. The reason that business anlaysts exist today to model solutions is because they understand the value of designing software before writing it. All too often developers create code that has little value because they do not understand that business classes interact with other classes within the confines of a working model or pattern.

By: 1000165269

Read full story:
Making sense of agile modelling