- 10 Microsoft research projects
- 10 kitchen gadgets for the geek gourmet
- Verizon trounces competition
- Smartphone smackdown: Storm vs. iPhone
- FBI warns of holiday cyber scams
Users of the open-source Samba software are being urged to patch their code following the discovery of a critical bug in the file-and-print software.
The bug is one of three vulnerabilities that were patched Monday by the Samba team in the Samba 3.0.25 release.
The flaw is considered to be particularly worrisome for two reasons: It could be remotely exploited by an attacker to run unauthorized code on the Samba server and there is no known work-around for the flaw. Samba ships with Linux and Unix operating systems and is a popular way of allowing Windows clients to print and store files using a Linux or Unix machine.
It's been a few years since Samba has had to fix this kind of vulnerability, which is due to a coding error affecting the way Samba puts data into the computer's memory, said Samba developer Jeremy Allison. "This kind of bug is rare for us," he said Monday in an e-mail interview. "That's why we're embarrassed."
Still, there is no known exploit code for the problem, and even if there were, an attacker would first have to find a way to reach a Samba server via Microsoft's Remote Procedure Call (RPC) service, which is typically blocked by the firewall.
The flaw could give attackers a way to jump from a compromised Windows computer to a Samba server, said David Endler, director of security research at 3Com Corp.'s TippingPoint division, which first reported the flaw. "The real danger here is if an exploit is developed, it could be integrated into the latest botnet software," he said.
Endler added that he would be "surprised" if an exploit for the problem were not developed over the next few weeks.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment