1 Star2 Stars3 Stars4 Stars5 Stars (Rate This)
Loading...

It is interesting to note how some very crucial security vulnerabilities in software are found a little too late. For instance, Samba just announced that it has now patched a remote code execution exploit which was present in all versions of Samba between 3.0.x and 3.6.3. This essentially means that this vulnerability is at least five years old since Samba released the 3.0.25 version as back as 2007.


This remote code execution exploit would have enabled a potential attacker to execute code as ‘root’ user acting as one from some anonymous connection. Nonetheless, the good news are that the vulnerability has been found and patched by Samba.

The developers of Samba described this security flaw in the following words, ‘ The code generator for Samba’s remote procedure call (RPC) code contained an error which caused it to generate code containing a security flaw. This generated code is used in the parts of Samba that control marshalling and unmarshalling of RPC calls over the network. The flaw caused checks on the variable containing the length of an allocated array to be done independently from the checks on the variable used to allocate the memory for that array. As both these variables are controlled by the connecting client it makes it possible for a specially crafted RPC call to cause the server to execute arbitrary code.

As this does not require an authenticated connection it is the most serious vulnerability possible in a program, and users and vendors are encouraged to patch their Samba installations immediately.’

Samba has released three new security releases. These are for such versions of the software which are currently supported and you can find them here. Moreover, patches for older versions of Samba who have this exploit have also been made available here.

Buy Cheapest Related Product From Amazon.com


Smart Car Utilizes ASCII Art To Create Twitter Commercial

Now You Can Trade-In CDs At Amazon
You can also press the left/right arrow key on your keyboard to go to previous/next post
  On April 13, 2012(4 years, 5 months ago.)

You May Also Like:

What Do You Think?

Leave a Reply




Loading Facebook Comments ...

FTC Disclosure: Some of the links of this website are "affiliate links." This means if you click on the link and purchase the item, we will receive an affiliate commission.


Recent Search

Recent Tutorials

There is a high-risk XSS Vulnerability in W3 Total Cache, and we have got the guide to the fix for you.
Check out this tutorial to know how to install Apple watchOS 3 beta certificate on your Apple Watch and start enjoying the new version.
If you are trying to jailbreak iPhone, iPad or iPod on iOS 9.2 - 9.3.3 without using a computer or Apple ID, then check this video tutorial.
Pokemon Go users are complaining about the crashing and server issues. Check out the tutorial to solve error problems and thanks us later.
Turning off Wi-Fi Assist is a great way to save mobile data since it automatically starts using cellular data when Wi-Fi signal is poor .
If you want to secure your SIM card from others using it, then check out this tutorial to know how to set up the SIM Pin code on your iPhone.
CiderTV is a great alternative to control Apple TV from the Notification Center. Check out this tutorial to set up CiderTV on your iPhone.
Are you annoyed by the split screen mode on the iPhone 6 Plus or 6s Plus? Check out this quick tutorial to turn off split screen feature.
If you could not wait to installed the iOS 10 beta version on you iPhone and now struggling for the errors, then this tutorial is for you.
Siri might not understand the question you asked. But you can use Siri by editing the text that you asked & it will give an updated answer.
Close You Have To Login
User:
Pass:
Login With »Login With TwitterLogin With Facebook