[ISN] Linux firms look to plug Samba hole

From: InfoSec News (isnat_private)
Date: Tue Mar 18 2003 - 05:41:47 PST

  • Next message: InfoSec News: "[ISN] Study: Human error causes most security breaches"

    http://news.com.com/2100-1002-992965.html?tag=fd_top
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    March 17, 2003
    
    The open-source community is pushing customers to patch their systems
    to close a hole in a software component that allows Windows programs
    to store and retrieve files on Linux and Unix servers.
    
    Known as Samba, the popular software can be found on many workstations
    and servers running any one of the variety of flavors of Linux and
    Unix, including systems running Apple OS X. Members of the Samba team
    planned to announce the vulnerability on Tuesday, but they released
    information over the weekend because some believed a Web site break-in
    in Germany may have been attributed to the software.
    
    "We know of one site that may have been compromised by this," said
    Jeremy Allison, co-author of Samba. "That's what precipitated the
    release."
    
    Several Linux editions--including Debian, Gentoo, and SuSE--released
    patches for the problem. Apple Computer noted in an advisory that
    Samba is not enabled by default with Mac OS X and Mac OS X Server, but
    the company plans to issue a patch for version 10.2.4. Red Hat hasn't
    yet released a patch but will do so soon, the company said in a
    statement.
    
    The popular software also is used by many file-server and print-server
    network appliances that are based on the Linux operating system. The
    danger for these is somewhat lessened, however, because people have
    been regularly warned that running the software on a computer
    connected to the Internet is dangerous.
    
    "You would have to be crazy to run this over the Internet," Allison
    said. The Windows file-sharing protocol, known as the Server Message
    Block, has been a key weakness in PCs connected to the Internet in the
    past, because people haven't always known to turn the feature off or
    use a firewall to protect against intrusions. In general, Linux users
    tend to be more savvy and know to be careful on computers that have
    the feature turned on, Allison said.
    
    The flaw occurs in the code that reassembles data that the software
    receives from the Internet, according to the advisory. By sending the
    server a specially crafted data packet, an attacker could overload the
    memory used by the Samba software and cause the application to run
    code of the intruder's choice.
    
    While the problem was spotted by a security team at German Linux
    software company SuSE last week, the problem apparently was leaked by
    someone who had access to the Samba source code. Still, Roman
    Drahtmueller, head of security for SuSE, stressed that finding the
    problem during a code review gave companies time to respond.
    
    "If you are going to have a flaw of this magnitude that is the best
    way to catch it," he said. "That's a great advantage of open
    source...People are able to look at the code and check its security."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Mar 18 2003 - 08:37:20 PST