Leak in Samba Versions from 3.0.29

Dec 03, 2008

Samba versions from 3.0.29 include a security flaw. Developers have released an update to fix it.

The Samba advisory indicates that the security leak resulted from a change to GNU Compiler Collection (GCC) version 4 optimization. It seems a cut-and-paste error in the range-checking code can allow a malicious client to alter the Server Message Block (SMB) process to pass arbitrary memory requests back to itself.

The Samba team ran into the error during an internal code investigation. The advisory recommends an immediate patch upgrade.

Patches are available for download here. The new Samba versions, 3.2.5 and 3.0.33, already have the patches applied. The team also points out that the Samba 3.2 directories are now located in the /recent directory and are no longer in an experimental state.
