Samba hit by eight-year old flaw

Samba, the widely used open source technology for sharing Windows files between Unix and Linux systems, has suffered its second security embarrassment of the last few weeks.

And the situation was worsened when a security firm accidentally posted its internal advisory featuring an exploit to the vulnerability that had remained hidden in the code for eight years.

The Samba team, in association with security firm Digital Defense, released an advisory on Monday concerning a major bug affecting all versions of Samba that are currently shipping.

"This vulnerability, if exploited correctly, leads to an anonymous user gaining root access on a Samba serving system," said the Samba team.

Yesterday's revelation is unrelated to a previous flaw identified on 14 March. But that did not fix the latest flaw, which is believed to have been present in the code for as long as eight years, and it is being actively exploited.

Digital Defense discovered the bug on 1 April when it analysed a live attack against a host running Samba and quickly alerted the developers to the glitch.

With the vulnerability being actively exploited, Samba made the controversial decision of posting its advisory before all vendors had a chance to update their packages.

But the firm slipped up by posting the wrong advisory, which contained a ready and working exploit written in Perl. Any user who downloaded the code could simply run it against a vulnerable server to spawn a root shell on the target machine.

"The version of the advisory posted by Digital Defense did not have management approval and included exploit code that was not authorised for external distribution," the company admitted.

"We have taken aggressive procedural and policy measures to reduce the likelihood of a similar recurrence."

Users of Samba are advised to update immediately to the 2.2.8a release to fix this security issue.

• Tweet  
• Facebook  
•  
•  
• Send to  

• Topics
• Security