Critical code execution bug in Samba gives attackers superuser powers
A critical vulnerability in all recent versions of Samba could put users on the receiving end of attacks that allow hackers on the same local network to run programs with nearly unfettered administrative privileges.
Samba is an open source implementation of the file-sharing components of Microsoft Windows. Most Linux releases and a wide variety of other operating systems use Samba to handle file-sharing with Windows systems.
The newly discovered bug can be exploited by sending specially manipulated traffic to a vulnerable system. The remote code execution vulnerability resides in Samba’s nmbd NetBIOS name service daemon and is the result of the daemon incorrectly handling certain memory operations. The bug was found and fixed by Volker Lendecke, a Samba Team member working for SerNet.
“A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon,” an advisory published Friday warned. “It may be possible to use this to generate a remote code execution vulnerability as the superuser (root).”
The post advises users to apply a recently released patch as soon as possible. (Recent Samba versions 4.1.11 and 4.0.21 already have the patch applied.) Those who are unable to update immediately should stop running nmbd.