Loading ...
Sorry, an error occurred while loading the content.

8826Re: [nslu2-general] Re: samba2 on pogoplug not accessible from mac

Expand Messages
  • Ron Guerin
    Jan 4, 2013
      On 01/04/2013 10:21 PM, Gregg Levine wrote:
      > On Fri, Jan 4, 2013 at 8:43 PM, Ron Guerin<ron@...> wrote:
      >> On 01/04/2013 08:28 PM, oddballhero wrote:
      >>> I'm pretty sure Samba3 has been around for a while... You mean like certain computer companies are perpetually in trial and error stage... There are only two sure things... (fill this in with your preference, see Benjamin Franklin or Elvis).
      >>
      >> Samba3 is from 2003. Samba4 just went stable a few weeks ago.
      >>
      >>> I've been running 3.6 for some time.
      >>
      >> FYI: https://www.samba.org/samba/security/CVE-2012-1182
      >>
      >> The version I see in Optware, is 3.2.15-5, which would also be
      >> vulnerable to the above exploit.
      >>
      >> - Ron
      >>
      >
      > Hello!
      > Ron nice to see you here.

      I bought an ASUS RT-N16 last year. The discovery of Optware has led to
      a device I continue to find new uses for.

      > What is the exploit? For those of us who do not follow those please
      > summarize.

      I don't follow these either. I went to look up the year Samba3 was
      released and found the security warning on the Wikipedia page. The
      entire description is summary length, so I'll post it here.

      ===========
      Description
      ===========

      Samba versions 3.6.3 and all versions previous to this are affected by
      a vulnerability that allows remote code execution as the "root" user
      from an anonymous connection.

      The code generator for Samba's remote procedure call (RPC) code
      contained an error which caused it to generate code containing a
      security flaw. This generated code is used in the parts of Samba that
      control marshalling and unmarshalling of RPC calls over the network.

      The flaw caused checks on the variable containing the length of an
      allocated array to be done independently from the checks on the
      variable used to allocate the memory for that array. As both these
      variables are controlled by the connecting client it makes it possible
      for a specially crafted RPC call to cause the server to execute
      arbitrary code.

      As this does not require an authenticated connection it is the most
      serious vulnerability possible in a program, and users and vendors are
      encouraged to patch their Samba installations immediately.
    • Show all 24 messages in this topic