Security Updates For Samba


25 June 2009, 12:40

Security updates for Samba

The developers of the free file and print server Samba have released versions 3.0.35, 3.2.13 and 3.3.6 to address two vulnerabilities, one in the smbclient and one in the server. The smbclient tool has a format string vulnerability which can be triggered when the put command is used with malicious file names. In rare cases this could lead to the execution of unwanted code in Samba versions 3.0.31 to 3.3.5.

The server vulnerability can be found in smbd version 3.2.0 and 3.2.12 and allows the unauthorised change of permissions of a writeable file. The problem in this case is caused by missing initialisation for certain data. In addition to the new versions, there are patches for 3.35, for 3.2.12's smbclient, for 3.2.12's smbd and for 3.0.34.

See also:

Formatstring vulnerability in smbclient, Samba advisory.

Uninitialized read of a data value, Samba advisory.

Heise security - http://www.h-online.com/security/Security-...a--/news/113615
