You might have read the news this morning about a wormable code-execution bug discovered in the Samba free software re-implementation of the SMB/CIFS networking protocol, which existed in Samba for more than 7 years.According to the bug report, it would appear that Samba incorrectly handled shared libraries, thus allowing a remote attacker to upload a shared library to a writable share and then execute code on the affected, unpatched machines. The security flaw affects all Samba releases from version 3.5.0 onwards.
"All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it," reads Samba's latest security advisory published earlier today.
S... (read more)
from Softpedia News / Linux http://ift.tt/2rUOU2r
via IFTTT
No comments:
Post a Comment