Samba service hit by remote code execution vulnerability

Posted: Wed Feb 25, 2015 2:40 pm
by Vipin
A critical vulnerability has been fixed in Samba, the open source standard Windows interoperability suite of programs for Linux and Unix, that could have allowed hackers to remotely execute arbitrary code in the Samba daemon (smbd).

Samba is an open source implementation of the SMB/CIFS network file sharing protocol that works on the majority of operating systems available today, which allows a non-Windows server to communicate with the same networking protocol as the Windows products. Samba is supported by many operating systems including Windows 95/98/NT, OS/2, and Linux.
smbd is the server daemon of Samba which provides file sharing and printing services to clients using the SMB/CIFS protocol. Samba is also sometimes installed as a component of *BSD and OS X systems.

The vulnerability, designated as CVE-2015-0240, actually resides in this smbd file server daemon. The bug can be exploited by hackers to potentially execute code remotely with root privileges, the Samba development team warned.
The team discovered that the vulnerability allowed a malicious client to send some packets that could free memory in a consecutive anonymous netlogon packet, leading to unexpected execution of random code. In this case, root privileges are required, which is automatic, and no login or authentication is necessary.

The security vulnerability affects all versions of the Samba software, from the oldest supported stable release, Samba version 3.5.0, to the current development version, 4.2.0 Release Candidate (RC) 4, the Samba Project said in a security alert.
The Red Hat product team published a detailed analysis of this vulnerability in a blog post. According to the researchers, Red Hat Enterprise Linux versions 5 through 7 are affected, as are Red Hat Storage Server versions 2.1 and 3. Except for RHEL7, the vulnerability is marked critical for all of the affected products. Other Linux distributions have also posted security alerts about the vulnerability.

A large number of users might potentially be at risk because Samba ships with a wide range of Linux distributions. However, whether users are affected by the critical vulnerability also depends on which operating system they run on their machines.
The Samba development team has fixed the flaw in the new Samba version, Samba 4.1.17, which is available to download. The credit for discovering and reporting the flaw in Samba goes to Microsoft vulnerability researcher Richard van Eeden, who also provided the patch.

Meanwhile, other major Linux distributions, including Ubuntu, Debian and SUSE, have also released updated packages in their repositories, with others to follow soon.