
*nix Administrators Should Patch Samba ASAP

Unless you’re an eagle-eyed, super perceptive Linux administrator, you may have missed the major update the Samba team quietly released during this week’s busy Microsoft and Adobe Patch Day. However, if you use Samba, you’ll want to apply this update post-haste.

If you’re not familiar with it, Samba is a *nix implementation of the Microsoft SMB protocol, which Windows uses for file and print sharing. If you have Linux systems and access Windows shares, you use Samba.

According to a security advisory, Samba versions 3.0.x through 3.6.3 suffer from a serious security vulnerability involving the way they handle specially crafted RPC calls. By sending maliciously crafted network traffic to a Samba-enabled computer, a remote, unauthenticated attacker can leverage this vulnerability to gain complete control of that machine with root privileges. This is an extremely critical vulnerability since the attacker doesn’t have to authenticate, and gains full privileges on the victim machine.

The only good news is most administrators don’t expose their SMB file shares (ports 137, 138, 139, and 445) to the Internet. If you have a firewall, or one of our XTM appliances, it blocks external attackers from accessing these ports by default. Nonetheless, this serious flaw still poses a very significant internal threat. If you use Samba on any *nix machines, you should download and deploy the appropriate Samba updates immediately. Fixed versions include:

You can find more details about these patches, and where to get them, in the “Patch Availability” section of Samba’s advisory. — Corey Nachreiner, CISSP (@SecAdept)
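The shell example below is added here and is not code from the article or from the Samba project. It checks an `smbd --version` string against the affected range the article gives (3.0.x through 3.6.3) and, from `ss -tuln` output, lists non-loopback listeners on the SMB ports the article names. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. A version inside the range is a prompt
# to check the Samba advisory, not proof: distributions often backport fixes
# without changing the upstream version number.

# Exit 0: inside the article's affected range (3.0.x through 3.6.3)
# Exit 1: outside it.  Exit 2: no x.y.z version found in the string.
samba_in_affected_range() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$ver" ] || return 2
    major=${ver%% *}; rest=${ver#* }; minor=${rest%% *}; patch=${rest#* }
    [ "$major" -eq 3 ] || return 1
    [ "$minor" -le 5 ] && return 0             # all of 3.0.x through 3.5.x
    [ "$minor" -eq 6 ] && [ "$patch" -le 3 ]   # 3.6.0 through 3.6.3
}

# Reads `ss -tuln` output on stdin; prints "proto addr:port" for listeners on
# the article's SMB ports (137, 138, 139, 445) bound to a non-loopback address.
smb_listeners() {
    awk '$1 != "Netid" {
        n = split($5, part, ":"); port = part[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (port ~ /^(137|138|139|445)$/ && addr !~ /^(127\.|\[::1\])/)
            print $1, $5
    }'
}

# Constructed sample inputs. On a real host: smbd --version ; ss -tuln
SAMPLE_VERSION='Version 3.5.10'
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:137        0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      50     127.0.0.1:139      0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*'

if samba_in_affected_range "$SAMPLE_VERSION"; then
    echo "REVIEW: $SAMPLE_VERSION is inside 3.0.x-3.6.3; check patch level"
    printf '%s\n' "$SAMPLE_SS" | smb_listeners | sed 's/^/  listening: /'
fi
```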
