Leak in Samba Versions from 3.0.29

Dec 03, 2008

Samba versions from 3.0.29 include a security failure. Developers have released an update to fix it.

The Samba advisory indicates that the security leak resulted from a change to GNU Compiler Collection (GCC) version 4 optimization. It seems a cut-and-paste error in the range checking code can allow a malicious client to alter the Server Message Block (SMB) process to pass arbitrary memory requests back to itself.

The Samba team ran into the error during an internal code investigation. The advisory recommends an immediate patch upgrade.

Patches are available for download here. The new Samba versions, 3.2.5 and 3.0.33 already have the patches applied. The team also points to the fact that the Samba 3.2 directories are now located in the /recent directory and are no longer in an experimental state.

Related content

comments powered by Disqus

Issue 30: Getting Started with Linux/Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99
(incl. VAT)

DevOps

News

Tag Cloud

Administration Community Events Hardware Linux Linux New Media Linux Pro Magazine Mobile Programming Software Ubuntu Web Development Windows free software open source
njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia