This article is more than 1 year old
Samb-AAAHH! Scary remote execution vuln spotted in Windows-Linux interop code
Microsoft finds critical bug that hurts most recent Linuxes
Linux admins were sent scrambling to patch their boxes on Monday after a critical vulnerability was revealed in Samba, the open source Linux-and-Windows-compatibility software.
The bug, which has been designated CVE-2015-0240, lies in the smbd file server daemon. Samba versions 3.5.0 through 4.2.0rc4 are affected, the Samba Project said in a security alert.
An attacker who successfully exploits the flaw could potentially execute code remotely with root privileges, the project's developers warned. Root access is automatic and no login or authentication is necessary.
Samba is an open source software stack that allows Linux machines to act as both clients and servers for file and print services based on Microsoft's SMB/CIFS protocol. It also lets Linux integrate with Active Directory.
Because it ships with a wide range of Linux distributions, a great many systems could potentially be affected – although just how vulnerable a given system is to attack will depend on which distro it's running and at which patch level. Samba is also sometimes installed as a component of *BSD and OS X systems.
Red Hat's product security team has a more detailed analysis of the bug, which you can view here. The firm says that Red Hat Enterprise Linux versions 5 through 7 are affected, as are Red Hat Storage Server versions 2.1 and 3. The vuln is considered critical for all of the affected products with the exception of RHEL 7, where it's been ranked as merely "important."
Patches are already available from the Samba Project itself and several distros have already made updated packages available in their repositories, with others to follow soon.
Don't go blaming Microsoft for vulnerabilities in its protocols, either. This is strictly a bug in Samba's open source implementation of the stack, and credit for spotting it actually goes to Richard van Eeden of Microsoft Vulnerability Research, who also supplied the patch. ®