Big Samba Security Bug Revealed


A skilled attacker could coax vulnerable versions of the feisty file server into executing arbitrary commands with root privileges.

The Samba team has confirmed a recent CVE report (CVE-2015-0240) regarding a flaw in the smbd file server daemon that could allow a remote user to execute arbitrary code with root privileges. The vulnerability, which was originally discovered by Microsoft, affects Samba versions from 3.5.0 to 4.2.0rc4.
The Samba project has already released a patch and recommends patching or upgrading immediately. The Samba team also provides a workaround for versions 4.0.0 and later, which consists of disabling rpc_server netlogon.

