Peaches Posted June 25, 2009 Report Share Posted June 25, 2009 25 June 2009, 12:40Security updates for Samba The developers of the free file and print server Samba have released versions 3.0.35, 3.2.13 and 3.3.6 to address two vulnerabilities, one in the smbclient and one in the server. The smbclient tool has a format string vulnerability which can be triggered when the put command is used with malicious file names. In rare cases this could lead to the execution of unwanted code in Samba versions 3.0.31 to 3.3.5.The server vulnerability can be found in smbd version 3.2.0 and 3.2.12 and allows the unauthorised change of permissions of a writeable file. The problem in this case is caused by missing initialisation for certain data. In addition to the new versions, there are patches for 3.35, for 3.2.12's smbclient, for 3.2.12's smbd and for 3.0.34.See also:Formatstring vulnerability in smbclient, Samba advisory.Uninitialized read of a data value, Samba advisory.Heise security - http://www.h-online.com/security/Security-...a--/news/113615 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.