Canonical discloses Samba Vulnerability in Linux

Canonical has disclosed a security vulnerability that affects various versions, including the latest version 7.10, of its Linux distribution, as well as corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The flaw occurs because Samba, an application which provides seamless file and print services to SMB/CIFS clients, does not correctly check the size of reply packets to mailslot requests. It is therefore possible for a remote attacker to execute malicious code by sending a specially crafted domain logon packet, assuming that domain logon is enabled on the server. Thankfully, it is disabled by default in Ubuntu and upgrading libsmbclient as well as samba to the latest versions for the OS fixes the issue.

Update: Several members have noted in the comments that this is, in fact, not a vulnerability limited to Ubuntu, but is a problem with samba itself. We recommend keeping up to date, no matter what distribution you are using.

Report a problem with article
Previous Story

Sysinternals Suite Build 2007-12-18

Next Story

eBoostr 1.1 build 398

7 Comments

Gracias!

Most experienced *nixers will know that the root problem isn't "Ubuntu", and double-check their FreeBSD/Fedora/Suse boxes. But some may not have known that the problems isn't limited to Ubuntu.

markjensen said,
Gracias!

Most experienced *nixers will know that the root problem isn't "Ubuntu", and double-check their FreeBSD/Fedora/Suse boxes. But some may not have known that the problems isn't limited to Ubuntu.

i assumed it was only ubuntu as quite a few distributions don't keep packages up to date with the actual source code and instead elect to patch the version that was sent out with the distribution version. knowing that, when you see things like 'vulnerability in distro X', and X is one of those not keeping up with actual versions, then you automatically assume it's only applicable to that distribution.

would be nice to see this news post updated to reflect that it is indeed a samba problem and nothing to do with linux/ubuntu

Commenting is disabled on this article.