Infesting you with Virus News
 

News

Contributed by: Lauren Gerber
Date: June 24, 2009

Don't Bypass The Samba Security Bypass Vulnerability

 


It doesn't rain but it storms: this saying applies well to the world of computer security, which is no exception to the rule. Not one but two vulnerabilities have been reported in Samba. Samba's slogan is "opening Windows to a wider world". Samba is open source, free software that provides seamless file and print services to its clients.

Samba is able to run on various platforms, including UNIX, Linux and OpenVMS, as well as the majority of Microsoft Windows versions. Some of the files of the widely used Windows Vista include, but are by no means limited to, the following: xmllite.dll, wsupgrade.dll, wmimigrationplugin.dll, winsetup.dll, wininetplugin.dll and win32ui.dll.

The two vulnerabilities which have been located in Samba:

  1. A format string error has been found in the "smbclient" utility. It occurs when file names are processed and may be exploited to execute arbitrary code.
  2. There is an uninitialized memory access error in smbd when it denies attempts to change a restricted access control list (ACL). This error may be exploited to change the ACL of a file that is already writable, without obtaining permission.

With regard to the uninitialized memory access error, it is vital for users to understand that successful exploitation has a precondition: "dos file mode" must be set to "yes" in smb.conf. The impact of these vulnerabilities includes unauthorized system access as well as security bypass.

Luckily, both of these vulnerabilities have been rated as less critical. This does not mean that users shouldn't take them seriously and take the necessary precautions. The solution is to apply the relevant patches. The uninitialized memory access error affects versions 3.0.31 through 3.3.5. The format string error affects versions 3.2.0 through 3.2.12. The ultimate solution is to update to version 3.0.35, 3.2.13 or 3.3.6.
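A check an administrator could run against the version ranges and the smb.conf precondition described above, as an added example that is not from the original article or the Samba project. The function names, report strings and sample configuration are constructed; it assumes Samba compares parameter names ignoring case and spaces, and treats a release at or above the fixed version of its series as patched.

```python
import re

# Version ranges and fixed releases exactly as stated in the article.
ACL_RANGE = ((3, 0, 31), (3, 3, 5))   # smbd uninitialized memory access
FMT_RANGE = ((3, 2, 0), (3, 2, 12))   # smbclient format string error
FIXED = {(3, 0): (3, 0, 35), (3, 2): (3, 2, 13), (3, 3): (3, 3, 6)}
# Constructed sample smb.conf; the option is spelled as the article writes it.
SAMPLE_CONF = "[global]\nworkgroup = EXAMPLE\n[projects]\ndos file mode = yes\n[public]\npath = /srv/public\n"

def parse_version(text):
    """Pull (major, minor, patch) out of a string such as 'Version 3.2.11'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())

def affected(version, rng):
    """In the stated range and older than the fixed release of its series."""
    fixed = FIXED.get(version[:2])
    return rng[0] <= version <= rng[1] and (fixed is None or version < fixed)

def dos_filemode_sections(conf_text):
    """Sections where the option is on; shares inherit [global]. Includes are not followed."""
    section, sections = "global", {"global": None}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            sections.setdefault(section, None)
            continue
        name, sep, value = line.partition("=")
        # Assumption: parameter names compare without regard to case or spaces.
        if sep and re.sub(r"\s+", "", name).lower() == "dosfilemode":
            sections[section] = value.strip().lower() in ("yes", "true", "on", "1")
    default = bool(sections["global"])
    return [s for s, v in sections.items() if (default if v is None else v)]

def assess(version_text, conf_text):
    """Return a list of findings for one host (constructed report strings)."""
    version, findings = parse_version(version_text), []
    if affected(version, FMT_RANGE):
        findings.append("smbclient format string: affected version")
    if affected(version, ACL_RANGE):
        shares = dos_filemode_sections(conf_text)
        if shares:
            findings.append("smbd ACL change: dos filemode on in " + ", ".join(shares))
    return findings
```

Calling `assess("Version 3.2.11", SAMPLE_CONF)` reports both issues, while the same configuration on 3.2.13 or 3.3.6 reports none.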
