What Gadget you are getting this Holiday?

View Results

Loading ... Loading ...
1 Star2 Stars3 Stars4 Stars5 Stars (Rate This)
Loading ... Loading ...

It is interesting to note how some very crucial security vulnerabilities in software are found a little too late. For instance, Samba just announced that it has now patched a remote code execution exploit which was present in all versions of Samba between 3.0.x and 3.6.3. This essentially means that this vulnerability is at least five years old since Samba released the 3.0.25 version as back as 2007.


This remote code execution exploit would have enabled a potential attacker to execute code as ‘root’ user acting as one from some anonymous connection. Nonetheless, the good news are that the vulnerability has been found and patched by Samba.

The developers of Samba described this security flaw in the following words, ‘ The code generator for Samba’s remote procedure call (RPC) code contained an error which caused it to generate code containing a security flaw. This generated code is used in the parts of Samba that control marshalling and unmarshalling of RPC calls over the network. The flaw caused checks on the variable containing the length of an allocated array to be done independently from the checks on the variable used to allocate the memory for that array. As both these variables are controlled by the connecting client it makes it possible for a specially crafted RPC call to cause the server to execute arbitrary code.

As this does not require an authenticated connection it is the most serious vulnerability possible in a program, and users and vendors are encouraged to patch their Samba installations immediately.’

Samba has released three new security releases. These are for such versions of the software which are currently supported and you can find them here. Moreover, patches for older versions of Samba who have this exploit have also been made available here.

Buy Cheapest Related Product From Amazon.com


Smart Car Utilizes ASCII Art To Create Twitter Commercial

Now You Can Trade-In CDs At Amazon
You can also press the left/right arrow key on your keyboard to go to previous/next post
  On April 13, 2012(2 years, 5 months ago.)

Recent Products

Buy Now | Compare  
Buy Now | Compare  
Buy Now | Compare  
Buy Now | Compare  
Compare  

What Do You Think?

Loading Disqus Comments ...
Loading Facebook Comments ...

Recent Search

Recent Tutorials

The trick will let you to check your Facebook messages in the original app without downloading Messenger and it works with both iPhone or Android phone.
Want to block all disgusting ads from your android device? Read the tutorial to know how you can block ads on your Android and save data.
Want to repair your memory card? It's very easy to fix corrupted or damaged memory card. In fact you can fix it by yourself.
Are you the one who is frustrated because of the speed of your Android device? No worries, the article will help you increase the speed of that device.
Lately, Google has updated its Google Docs. Now users can crop, rotate, and add borders to images in a document without leaving Google Docs.
Adobe CS products are not free, but the good news is you can now download Photoshop CS2 & all other CS2 product completely free and it's absolutely legal.
At the beginning level, many people don't know how to use Gmail properly. For them, a here's a helpful guideline.
Skype now allows you to call directly from your Outlook account. Find the step-by-step installation process from this tutorial.
This tutorial helps you quickly resolve four of the most common problems that occur with Windows XP.
After releasing Look Back, many people didn't like it. So Facebook planned to add an Edit tool to the feature and now you can edit your Facebook Look Back video.
Close You Have To Login
User:
Pass:
Login With »Login With TwitterLogin With Facebook