Samba has released new versions of its Windows-Linux compatible file- and printer-sharing software to address a password bug and a denial-of-service vulnerability.
The two vulnerabilities affect all versions since Samba 4.0.0’s release in December 2012.
The password bug allows any authenticated user on a Samba 4 LDAP server set up as an Active Directory Domain Controller (AD DC) to change other users’ passwords, including those of administrative users and service accounts, such as the machine accounts of Domain Controllers.
Samba developers have provided patches only for supported versions of Samba, which means Samba 4.5 and above. The issue is fixed in Samba 4.7.6, 4.6.14 and 4.5.16. However, the project notes that patches for earlier versions may be made available.
Samba has provided workaround and support notes to help admins monitor for unauthorized password changes before deploying the update.
“As Samba does not at this time change the machine account passwords of Domain Controllers, any change to these, or to the passwords of administrators should be a concern,” it warns.
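As an added illustration of the monitoring the advisory calls for (example code, not from the article or from the Samba project), the following Python script compares the `pwdLastSet` attribute of each account across two LDAP snapshots and flags changes on Domain Controller machine accounts and on accounts marked `adminCount=1`. The snapshot contents, domain name and account names are constructed for the example, and the `adminCount` heuristic is an assumption about how administrative accounts are identified.

```python
"""Flag password changes on high-value Samba AD accounts between two LDAP snapshots.
Snapshot: sAMAccountName -> (distinguishedName, pwdLastSet, adminCount), as collected
with ldbsearch/samba-tool before and after a monitoring interval (data constructed)."""
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # pwdLastSet base

def to_filetime(dt: datetime) -> int:
    """Aware datetime -> Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10

def from_filetime(ft: int) -> datetime:
    """Inverse of to_filetime (truncates to microseconds)."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def _utc(*ymdhm) -> int:
    return to_filetime(datetime(*ymdhm, tzinfo=timezone.utc))

BASE = "DC=samdom,DC=example,DC=com"  # assumed domain
BEFORE = {  # constructed "before" snapshot
    "DC1$": (f"CN=DC1,OU=Domain Controllers,{BASE}", _utc(2018, 1, 10, 8, 0), 0),
    "Administrator": (f"CN=Administrator,CN=Users,{BASE}", _utc(2017, 11, 2, 12, 15), 1),
    "alice": (f"CN=alice,CN=Users,{BASE}", _utc(2018, 2, 1, 9, 0), 0),
    "bob": (f"CN=bob,CN=Users,{BASE}", _utc(2018, 2, 20, 10, 0), 0),
}
AFTER = {  # constructed "after" snapshot: DC1$ and Administrator changed unexpectedly
    "DC1$": (BEFORE["DC1$"][0], _utc(2018, 3, 13, 9, 30), 0),  # never rotated by Samba
    "Administrator": (BEFORE["Administrator"][0], _utc(2018, 3, 13, 9, 31), 1),
    "alice": (BEFORE["alice"][0], _utc(2018, 3, 13, 7, 0), 0),  # routine self-change
    "bob": BEFORE["bob"],  # untouched
}

def high_value_reason(name: str, dn: str, admin_count: int):
    """Why a change on this account deserves review; None for ordinary users."""
    if name.endswith("$") and "ou=domain controllers" in dn.lower():
        return "domain controller machine account"
    if admin_count == 1:  # set on members of protected admin groups
        return "administrative account (adminCount=1)"
    return None

def find_suspicious_password_changes(before: dict, after: dict) -> list:
    """Return (account, reason, new pwdLastSet as ISO time) for every flagged change."""
    alerts = []
    for name, (dn, pwd_last_set, admin_count) in after.items():
        prev = before.get(name)
        if prev is None or prev[1] == pwd_last_set:
            continue  # new account or password untouched in this interval
        reason = high_value_reason(name, dn, admin_count)
        if reason:
            alerts.append((name, reason, from_filetime(pwd_last_set).isoformat()))
    return alerts
```

Running `find_suspicious_password_changes(BEFORE, AFTER)` reports the DC1$ and Administrator changes and ignores alice's routine self-service change; in practice the snapshots would be pulled from the directory on a schedule.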
“Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible,” it notes in the advisory for CVE-2018-1057.
The updated versions of Samba also shut down a denial-of-service vulnerability affecting certain configurations of Samba when it’s set up as a print server.
“All versions of Samba from 4.0.0 onwards are vulnerable to a denial-of-service attack when the RPC spoolss service is configured to be run as an external daemon,” Samba states in the advisory for CVE-2018-1050.
“Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.”
The issue is also fixed in Samba 4.7.6, 4.6.14 and 4.5.16, and patches are also available for Samba 4.4.16 and 4.3.13.
While the new bugs are serious enough to warrant applying fixes, Rapid7 yesterday highlighted that there are about 500,000 internet-facing instances of Samba 3.2.x and 250,000 more of other versions.
As Rapid7’s chief security data scientist Bob Rudis points out, these pre-4.0 Samba instances might not be exposed to the current bugs, but 3.2.x instances are vulnerable to “far worse issues” than the password flaw.