Update kills code-execution threat in Samba

Samba developers have warned of a software flaw that allows attackers to remotely execute malicious code on systems running the widely used file-sharing package. Version 3.5.5, which was released on Tuesday, fixes the underlying buffer overrun in functions used to generate a credential known as a Windows Security ID. It can be …


This topic is closed for new posts.
  1. This post has been deleted by its author

    1. Greg J Preece

      Have to admit

      For various reasons I've been asked to scrub up on iOS development. I nearly screamed like a little girl when I opened the coding manual and saw the keyword "malloc". Noooooooooo!

    2. Robert Forsyth

      Re: No No No No No

      You are using the "guns don't kill people, people do" argument - C doesn't write insecure programs, programmers do. Are you not?

      One could compare USA and Canada on gun-related crime, but that ignores the rich-poor divide, and large versus small social groups; Switzerland is relatively crime free.

      1. Anonymous Coward


        In non-ironic mode I mean to say that C is a rusty, yet sharp knife welded to a rusty but functional AK-47 with silencer and a 1000 round magazine attached.

        You can choose the following options to mutilate yourself:

        A) poison blood from rust while trying to cut butter

        B) silently shoot your missus with the first 100 rounds while dropping C from the breakfast table

        C) silently shoot your whole family while using C to eat a part of your wedding cake

        Police will notice only one month later, as C's silencer is working very well.

        Oh, I forgot it has 100 meters of rope attached which you can use to strangulate yourself while trying to lower yourself from your mistress' second floor window to the ground. C's cloak will certainly deploy and only the circling ravens will notify the living of your death three weeks ago.

  2. Albert Gonzalez

    Need root password ???

    Excuse me, but if somebody has a root password, your problems will be far more important than having a remote code execution by a stack overflow in Samba.

    1. Nigel 11

      Probably ...

      It's *possible* that your attacker doesn't have access to anything except the Samba (CIFS, Windows) ports, because the system is a fileserver for Windows and any other access is being blocked by the system's firewall except from a few physically secure management systems.

      Not very likely, though. In general if an attacker has your root password, you've lost.

  3. Anonymous Coward


    Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft?

    People need to give themselves a shake and stop using MS products!

    1. Greg J Preece



      Someone wanna tell him? (Her?) (It?)

      1. Anonymous Coward

        It's ironic!

        I stole that comment from here:

        crap attempt at hilarity, I'll use the joke icon next time....

      2. TeeCee

        Re: Errrr...

        You had it right the third time.

        "It" is the correct pronoun for a Troll, even a misguided one.

    2. Anonymous Coward


      Fail me.

    3. Robert Forsyth

      Re: Surprise

      A long long time ago, it was rumoured that if you created an ordinary user account named "root" on an MSDOS/Windows machine, when you connected to a Unix machine, that machine would assume you were that Unix machine's system-admin. Obviously, that is MS Windows' fault.

      Samba is the effort of reverse engineering MS's file-server and RPC protocols to serve Linux files to Windows machines, because Microsoft wanted the ability to lock users into Windows and did not want to use the several standard systems available.

      1. Tom Chiverton 1


        Actually, the Samba team have access to the specs these days.

    4. Trevor_Pott


      [fish eyed stare]

  4. SilverWave


    Says it all really.
