Critical code execution bug in Samba gives attackers superuser powers

A critical vulnerability in all recent versions of Samba could put users on the receiving end of attacks that allow hackers on the same local network to run programs with nearly unfettered administrative privileges.

Samba is an open source implementation of the file-sharing components of Microsoft Windows. Most Linux releases and a wide variety of other operating systems use Samba to handle file-sharing with Windows systems.

The newly discovered bug can be exploited by sending specially manipulated traffic to a vulnerable system. The remote code execution vulnerability resides in Samba's nmbd NetBIOS name service daemon and is the result of the daemon incorrectly handling certain memory operations. The bug was found and fixed by Volker Lendecke, a Samba Team member working for SerNet.

Read 2 remaining paragraphs | Comments