Samba Patches New Remote Code Execution Flaw

A new vulnerability was recently found in Samba, the Windows interoperability suite of programs for Linux and Unix. The vulnerability, once successfully exploited, could result in remote code execution, which may possibly compromise a server’s security.

This security flaw is covered in CVE-2015-0240 and resides in the smbd file server. It could be exploited via specially crafted packets by a malicious Samba client. Apart from executing arbitrary codes on the affected Samba servers, the vulnerability can also allow root privileges, which means that attackers don’t need authentication.

Samba is also employed for file and print services related to Microsoft’s Server Message Block (SMB)/ Common Internet File System (CIFS) protocol. Based on reports, the vulnerable versions of Samba are:

  • Samba 3.5.x and 3.6.x before 3.6.25
  • Samba 4.0.x before 4.0.25
  • Samba 4.1.x before 4.1.17
  • Samba 4.2.x before 4.2.0rc5

While the vulnerability allows remote attackers to execute commands on these servers, the impact is considered limited due to the fact that SMB servers are not public. This means that attackers need to find means for these infected servers to connect outside the network.

No reported attack seen in the wild, however, enterprises and large organizations are advised to immediately apply the patch released by Samba. As a workaround, check if the servers do not connect outside the network.

Vulnerabilities in software and systems are often used by cybercriminals and threat actors in order to infiltrate a target network. Both new and tried-and-tested vulnerabilities are exploited thus introducing risks to the network. Patching and updating systems/software is crucial and highly recommended.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.