[HSC-Unix] FW: Security Notification - Critical Samba Vulnerability
Wilson, Michael J
WILSONM at uthscsa.edu
Tue Apr 8 00:01:21 CDT 2003
Hi Sherry --
I spotted several links about the Samba vulnerability tonight on
http://www.macsurfer.com
One of them is a description from Secunia at:
http://www.secunia.com/advisories/8533/
Secunia says to update to Samba 2.2.8, but your quoted message says 2.2.8 is
also vulnerable. So I guess we tune in tomorrow for the next chapter in
this saga. (I haven't rcvd anything yet from Apple Security.)
G'Night,
Mike W
> ----------
> From: Cummins, Sherry L
> Reply To: Unix users at the UT Health Science Center
> Sent: Monday, April 7, 2003 22:24
> To: hsc-unix at bioc09.v19.uthscsa.edu (E-mail)
> Subject: [HSC-Unix] FW: Security Notification - Critical Samba
> Vulnerability
> Importance: High
>
>
> Unix SIG members:
>
> This notification is from our intrusion detection service. On occasion
> they notify us of new threats or trends that may be significant for us.
> This one was announced by SAMBA today, and has not even been voted on by
> the CVE board yet -- however both SAMBA and CIRC say there is an active
> exploit for it already in the wild. Nothing from CERT yet but that is not
> too unusual anymore. If you use SAMBA, please check the notification at
> the link below and take action if needed, however keep an eye out for
> further news and developments.
>
> Sherry
>
> > Dear Valued Customer,
> >
> > We are contacting you to inform you of what appears to be a new threat
> > on the Internet.
> >
> > Samba, a popular Open Source software suite that provides seamless file
> > and print services to SMB/CIFS clients has had a serious vulnerability
> > discovered in it.
> >
> > This vulnerability, if exploited correctly, leads to an anonymous user
> > gaining root access on a Samba serving system. All versions of Samba up
> > to and including Samba 2.2.8 are vulnerable (check your version with the
> > command smbd -v). An active exploit of the bug has been reported in the
> > wild. Alpha versions of Samba 3.0 and above are *NOT* vulnerable.
> >
> > The CSO Office is providing you with this alert as we believe this
> > vulnerability has widespread impact and is worthy of immediate attention.
> >
> > ------------------------------------------------------------------
> > Vulnerability Assessment:
> >
> > The risk is HIGH. An active exploit is in the wild.
> >
> > ------------------------------------------------------------------
> > Systems affected:
> >
> > Any UNIX (Solaris, BSD...), Linux or other platform with Samba installed
> > and running.
> >
> > Certain distributions of Linux and BSD that may install Samba by
> > default.
> >
> > Certain network attached storage products may be based on Samba. For
> > these systems you will need to contact the manufacturers directly to
> > better understand the risk.
> >
> > ------------------------------------------------------------------
> > Description:
> >
> > A buffer overflow vulnerability may be exploited by an attacker, giving
> > them remote root access.
> >
> > ------------------------------------------------------------------
> > Execution:
> >
> > Exploits are now publicly available to remotely compromise exposed
> > hosts.
> >
> > ------------------------------------------------------------------
> > Remediation:
> >
> > Patches and source code updates are available at www.samba.org.
> >
> > ------------------------------------------------------------------
> > More information:
> >
> > For more information, see www.samba.org.
> >
> > ------------------------------------------------------------------
> > ###
> >
> _______________________________________________
> HSC-Unix mailing list
> HSC-Unix at biochem.uthscsa.edu
> http://biochem.uthscsa.edu/mailman/listinfo/hsc-unix
>
>
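An added example, not part of this thread and not code from the Samba project: a POSIX shell helper that takes a version line of the kind `smbd -v` prints (as the forwarded notice suggests) and classifies it against the affected range the notice states, namely everything up to and including 2.2.8 affected and 3.0 alphas and later not affected. The sample version lines are constructed. Only the leading numeric part is compared, so a suffixed release after 2.2.8 has to be judged against the vendor's own notice rather than this script.

```shell
#!/bin/sh
# Added example, not from the advisory or from Samba itself: classify a Samba
# version line against the range the notice describes (everything up to and
# including 2.2.8 affected; 3.0 alphas and later not affected).

# samba_status "Version 2.2.7"  -> prints "vulnerable" or "not-vulnerable"
# Only the leading numeric part (major.minor.patch) is compared; a suffix such
# as "alpha23" is discarded once the digits have been taken.
samba_status() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo "unknown"
        return 2
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then rest=0; fi      # bare "2" has no minor field
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # "3.0" has no patch field
    patch=${patch%%.*}                            # drop any fourth component
    if [ -z "$patch" ]; then patch=0; fi          # tolerate a trailing dot
    if [ "$major" -gt 2 ]; then echo "not-vulnerable"; return 0; fi
    if [ "$major" -lt 2 ]; then echo "vulnerable"; return 0; fi
    if [ "$minor" -lt 2 ]; then echo "vulnerable"; return 0; fi
    if [ "$minor" -gt 2 ]; then echo "not-vulnerable"; return 0; fi
    if [ "$patch" -le 8 ]; then echo "vulnerable"; return 0; fi
    echo "not-vulnerable"
    return 0
}

# Constructed sample lines standing in for real `smbd -v` output.
for line in "Version 2.2.7" "Version 2.2.8" "Version 3.0alpha23" "Version 2.0.10"; do
    printf '%-22s %s\n' "$line" "$(samba_status "$line")"
done
```

Feed the function the real output of the version command on each host (for example `samba_status "$(smbd -v 2>&1 | head -n 1)"`) and treat anything reported as "vulnerable" or "unknown" as a host that needs the update from www.samba.org checked by hand.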