*nix Administrators Should Patch Samba ASAP

Unless you’re an eagle-eyed, super perceptive Linux administrator, you may have missed the major update the Samba team quietly released during this week’s busy Microsoft and Adobe Patch Day. However, if you use Samba, you’ll want to apply this update post-haste.

If you’re not familiar with it, Samba is a *nix variant of the Microsoft SMB protocol, which Windows uses for file and print sharing. If you have Linux systems and access Windows shares, you use Samba.

According to a security advisory, Samba versions 3.0.x through 3.6.3 suffer from a serious security vulnerability involving the way they handle specially crafted RPC calls. By sending maliciously crafted network traffic to a Samba-enabled computer, a remote, unauthenticated attacker can leverage this vulnerability to gain complete control of that machine with root privileges. This is an extremely critical vulnerability since the attacker doesn’t have to authenticate, and gains full privileges on the victim machine.

The only good news is most administrators don’t expose their SMB file shares (ports 137, 138, 139, and 445) to the Internet. If you have a firewall, or one of our XTM appliances, it blocks external attackers from accessing these ports by default. Nonetheless, this serious flaw still poses a very significant internal threat. If you use Samba on any *nix machines, you should download and deploy the appropriate Samba updates immediately. Fixed versions include:

  • 3.6.4
  • 3.5.14
  • 3.4.16

You can find more details about these patches, and where to get them, in the “Patch Availability” section of Samba’s advisory. — Corey Nachreiner, CISSP (@SecAdept)

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

3 Responses to “*nix Administrators Should Patch Samba ASAP”

  1. Definitely consider that which you said. Your favourite justification seemed to be on the internet the easiest factor to be mindful
    of. I say to you, I definitely get irked even as other folks
    think about worries that they just do not understand about.
    You controlled to hit the nail upon the highest and also defined out the entire
    thing with no need side-effects , folks can take a signal.

    Will likely be back to get more. Thank you

Trackbacks/Pingbacks

  1. WatchGuard Security Week in Review: Episode 13 | WatchGuard Security Center - April 13, 2012

    […] Critical Samba update – WatchGuard Security Center […]

  2. WatchGuard Security Week in Review: Episode 13 « microreksa - April 15, 2012

    […] Critical Samba update – WatchGuard Security Center […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: