Samba needs two patches, unless you're happy for SMB servers to dance for evildoers

Big Linux distros have pushed their fixes, but let's not assume everything auto-patches, OK?

It’s time to patch Samba again - or turn off SMB1, which is never as easy as it sounds.

The lid came off the issue a couple of days ago, when the big Linux distributions (Red Hat, Ubuntu, Debian and so on) rolled out fixes for a use-after-free error affecting all versions of Samba since 4.0 (released in 2012).

The bug means a malicious SMB1 request can give the attacker control over “the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server”, the project’s advisory said.

The problem with disabling SMB1, the natural workaround if you can’t apply the patch immediately, is that, as readers told The Register during previous incidents, there are clients that only support SMB1.

For example, it was only in July that Android’s Samba client added SMB2 and SMB3 - and not all users will have installed an update yet.
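As an added illustration of that workaround (not code from the article or from the Samba project), the script below checks whether an smb.conf actually refuses SMB1 before you rely on it; it assumes the standard `server min protocol` parameter and runs over constructed sample configs.

```shell
#!/bin/sh
# Added example, not from the article or the Samba project: report whether an
# smb.conf still lets SMB1 clients in. Assumes the standard smb.conf parameter
# "server min protocol"; an absent setting is treated as exposed, because the
# Samba 4.x releases of this era defaulted to accepting SMB1 dialects.

# Exit 0 when the config in $1 still accepts SMB1 dialects, 1 when it does not.
smb1_enabled() {
    minproto=$(awk -F= '
        /^[[:space:]]*[#;]/ { next }            # skip comment lines
        tolower($1) ~ /^[[:space:]]*server[[:space:]]+min[[:space:]]+protocol[[:space:]]*$/ {
            v = $2
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            last = tolower(v)                   # a later definition overrides an earlier one
        }
        END { print last }' "$1")
    case "$minproto" in
        smb2*|smb3*) return 1 ;;                # NT1/LANMAN/CORE dialects rejected
        *)           return 0 ;;                # NT1, LANMAN, CORE or unset: SMB1 reachable
    esac
}

# Constructed sample configs for demonstration; not taken from any real host.
EXPOSED_CONF=$(mktemp)
cat > "$EXPOSED_CONF" <<'EOF'
[global]
   workgroup = WORKGROUP
   ; min protocol never set, so legacy dialects are still offered
EOF

HARDENED_CONF=$(mktemp)
cat > "$HARDENED_CONF" <<'EOF'
[global]
   workgroup = WORKGROUP
   ; SMB1-only clients (see the article's caveat) will no longer connect
   server min protocol = SMB2_02
EOF

for f in "$EXPOSED_CONF" "$HARDENED_CONF"; do
    if smb1_enabled "$f"; then
        echo "$f: SMB1 still enabled; patch, or set 'server min protocol = SMB2_02'"
    else
        echo "$f: SMB1 disabled"
    fi
done
rm -f "$EXPOSED_CONF" "$HARDENED_CONF"
```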

Sysadmins should also be warned that there’s a separate bug affecting all versions from 3.6.0 onwards: “server allocated heap memory may be returned to the client without being cleared”.

Samba's developers have detected exploits, but warned the uncleared heap memory might contain “password hashes or other high-value data”.

Patched software has been made available here.


Biting the hand that feeds IT © 1998–2017
