Canonical has disclosed a security vulnerability affecting several versions of its Ubuntu Linux distribution, up to and including the current 7.10 release, together with the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The flaw is in Samba, the application that provides file and print services to SMB/CIFS clients: it does not correctly check the size of reply packets to mailslot requests. A remote attacker can exploit this to execute arbitrary code by sending a specially crafted domain logon packet, but only if domain logons are enabled on the server. That setting is off by default in Ubuntu (the relevant smb.conf parameter is "domain logons" in the [global] section, and testparm -s will show it if it has been set), and upgrading the samba and libsmbclient packages to the fixed versions for your release resolves the issue. If a server does have domain logons enabled, treat it as exposed until it has been updated.
Update: Several members have noted in the comments that this is, in fact, not a vulnerability limited to Ubuntu but a flaw in Samba itself, so it affects any distribution shipping an unpatched Samba. We recommend keeping up to date, no matter what distribution you are using.
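The exposure condition above boils down to one question: is "domain logons" switched on in the [global] section of smb.conf? The following is an added example, not code from the original post or from the Samba project, that answers that question from a copy of the configuration. It is a simplified reading of the smb.conf format (comments, section headers, case-insensitive parameter names with spaces ignored, yes/true/1 treated as on) and is not Samba's own parser; the two sample configurations are constructed for the example. On a real host, feed it the effective configuration with testparm -s rather than the raw file.

```shell
# Added example: report whether an smb.conf enables domain logons.
# Reads smb.conf text on stdin, prints "yes" or "no", and exits 0 when
# enabled, 1 otherwise. Simplified parser for illustration only.
samba_domain_logons_enabled() {
    awk '
        # Trim leading and trailing whitespace on every line first.
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line) }
        # Skip blank lines and comments (smb.conf accepts both # and ;).
        line == "" || line ~ /^[#;]/ { next }
        # Section header: remember which section we are in.
        line ~ /^\[.*\]$/ {
            section = tolower(substr(line, 2, length(line) - 2))
            next
        }
        # Only the [global] section can enable domain logons.
        section == "global" {
            eq = index(line, "=")
            if (eq == 0) next
            key = tolower(substr(line, 1, eq - 1))
            gsub(/[ \t]/, "", key)           # Samba ignores spaces in parameter names
            val = tolower(substr(line, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "domainlogons")
                on = (val == "yes" || val == "true" || val == "1")   # last setting wins
        }
        END { print (on ? "yes" : "no"); exit (on ? 0 : 1) }
    '
}

# Constructed sample: a server acting as a domain controller (exposed).
sample_exposed_conf() {
    cat <<'EOF'
# constructed sample configuration, not taken from any real host
[global]
   workgroup = EXAMPLE
   Domain Logons = Yes
   security = user
[netlogon]
   path = /var/lib/samba/netlogon
EOF
}

# Constructed sample: a plain file server with the Ubuntu default (not exposed).
sample_safe_conf() {
    cat <<'EOF'
# constructed sample configuration, not taken from any real host
[global]
   workgroup = WORKGROUP
   security = user
;  domain logons = yes
[homes]
   browseable = no
EOF
}

# When run directly, check both constructed samples.
printf 'exposed sample: '; sample_exposed_conf | samba_domain_logons_enabled || true
printf 'safe sample:    '; sample_safe_conf | samba_domain_logons_enabled || true
```

On a live server the check is testparm -s 2>/dev/null | samba_domain_logons_enabled; an exit status of 0 means the crafted domain logon packet described above can reach the vulnerable code, so that host should be updated first.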
http://news.google.com/news?q=samba+vulnerability+mailslot
If you have samba running on any box, update. *
* Note: If you run a system that you don't keep regularly updated, then you are part of the security problem.
Most experienced *nixers will know that the root problem isn't "Ubuntu", and double-check their FreeBSD/Fedora/Suse boxes. But some may not have known that the problem isn't limited to Ubuntu.
I assumed it was only Ubuntu, as quite a few distributions don't keep packages up to date with the actual source code and instead elect to patch the version that was sent out with the distribution version. Knowing that, when you see things like "vulnerability in distro X", and X is one of those not keeping up with actual versions, then you automatically assume it's only applicable to that distribution.
Would be nice to see this news post updated to reflect that it is indeed a samba problem and nothing to do with linux/ubuntu.