Leak in Samba Versions from 3.0.29

Dec 03, 2008

Mathias Huber

Samba versions from 3.0.29 include a security failure. Developers have released an update to fix it.

The Samba advisory indicates that the security leak resulted from a change to GNU Compiler Collection (GCC) version 4 optimization. It seems a cut-and-paste error in the range checking code can allow a malicious client to alter the Server Message Block (SMB) process to pass arbitrary memory requests back to itself.

The Samba team ran into the error during an internal code investigation. The advisory recommends an immediate patch upgrade.

Patches are available for download here. The new Samba versions, 3.2.5 and 3.0.33 already have the patches applied. The team also points to the fact that the Samba 3.2 directories are now located in the /recent directory and are no longer in an experimental state.

Related content

INSECURITY NEWS

more »
Samba for Clusters

Samba Version 3.3 and the CTDB lock manager provide full cluster support.

more »
Debian Updates Lenny

An update for the new, stabler version of Debian 5.0 has appeared over Easter.

more »
Next Alpha Version of Samba 4

The developers of the Samba 4 version have released the second alpha version three months after the initial alpha.

more »
Samba 3.4 and 4 Merge into Franky

Developers of the free Samba server have packed the newest version 4 into the 3.4 tarball to form Franky.

more »

comments powered by Disqus

Issue 202/2017

Buy this issue as a PDF

Digital Issue: Price $9.99

(incl. VAT)

DevOps

Reinvent your network with DevOps tools and techniques:

Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.

News

LibreOffice 5.4 Released

Comes with improved support for Microsoft Office file formats.
Red Hat to Drop Support for Btrfs

The company is building their own storage solution called Stratis.
Reinvent your network with DevOps tools and techniques:

Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.
Kolab Now Integrates Collabora Online

Kolab Now subscribers now have access to Collabora Online.
Endless OS, a Distribution Without Internet

A new version of Endless OS has been released.
GitHub Announces Open Source Friday Program

They encourage people to take time out and work on open source projects on Friday.
System76 Announces Their Own Distro, Pop!_OS

Pop!_OS is based on Ubuntu and uses the Gnome stack.
Linus Torvalds Talks About His Motivation

He never tires of working on the Linux kernel.
Debian 9 Stretches Its Wings

The new release of Debian has a very strong focus on security.
Trojan Turns Raspberry Pi into a Cryptocurrency Mining Device

Two trojans in the wild are targeting Linux machines.