Wednesday, March 4, 2015

Samba CRITICAL security flaw Patched!!

Samba - a widely used application for file and print sharing between computers running on Windows, Unix or Linux are vulnerable to remote code execution as an administrator and rates as HIGH severity flaw. According to Red Hat Product Security team, CVE-2015-0240 covers this issue that occurs due to an error in the smbd file server daemon. An attacker can trigger via specially-crafted packets to the Samba server, thus results in execution of arbitrary code with root privileges. Samba versions 3.5.0 to 4.2.0rc4 are prone to this flaw so users are advised to apply the latest version i.e, 4.1.17, 4.0.25, and 3.6.25. Samba team credits Richard van Eeden of Microsoft Vulnerability Research for identifying the security flaw and also providing the fix. <more>

No comments: