Canonical has disclosed a security vulnerability that affects various versions, including the latest version 7.10, of its Linux distribution, as well as corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The flaw occurs because Samba, an application which provides seamless file and print services to SMB/CIFS clients, does not correctly check the size of reply packets to mailslot requests. It is therefore possible for a remote attacker to execute malicious code by sending a specially crafted domain logon packet, assuming that domain logon is enabled on the server. Thankfully, it is disabled by default in Ubuntu and upgrading libsmbclient as well as samba to the latest versions for the OS fixes the issue.
Update: Several members have noted in the comments that this is, in fact, not a vulnerability limited to Ubuntu, but is a problem with samba itself. We recommend keeping up to date, no matter what distribution you are using.
7 Comments - Add comment