Linux firms look to plug Samba hole

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1002-992965.html?tag=fd_top

By Robert Lemos 
Staff Writer, CNET News.com
March 17, 2003

The open-source community is pushing customers to patch their systems
to close a hole in a software component that allows Windows programs
to store and retrieve files on Linux and Unix servers.

Known as Samba, the popular software can be found on many workstations
and servers running any one of the variety of flavors of Linux and
Unix, including systems running Apple OS X. Members of the Samba team
planned to announce the vulnerability on Tuesday, but they released
information over the weekend because some believed a Web site break-in
in Germany may have been attributed to the software.

"We know of one site that may have been compromised by this," said
Jeremy Allison, co-author of Samba. "That's what precipitated the
release."

Several Linux editions--including Debian, Gentoo, and SuSE--released
patches for the problem. Apple Computer noted in an advisory that
Samba is not enabled by default with Mac OS X and Mac OS X Server, but
the company plans to issue a patch for version 10.2.4. Red Hat hasn't
yet released a patch but will do so soon, the company said in a
statement.

The popular software also is used by many file-server and print-server
network appliances that are based on the Linux operating system. The
danger for these is somewhat lessened, however, because people have
been regularly warned that running the software on a computer
connected to the Internet is dangerous.

"You would have to be crazy to run this over the Internet," Allison
said. The Windows file-sharing protocol, known as the Server Message
Block, has been a key weakness in PCs connected to the Internet in the
past, because people haven't always known to turn the feature off or
use a firewall to protect against intrusions. In general, Linux users
tend to be more savvy and know to be careful on computers that have
the feature turned on, Allison said.

The flaw occurs in the code that reassembles data that the software
receives from the Internet, according to the advisory. By sending the
server a specially crafted data packet, an attacker could overload the
memory used by the Samba software and cause the application to run
code of the intruder's choice.

While the problem was spotted by a security team at German Linux
software company SuSE last week, the problem apparently was leaked by
someone who had access to the Samba source code. Still, Roman
Drahtmueller, head of security for SuSE, stressed that finding the
problem during a code review gave companies time to respond.

"If you are going to have a flaw of this magnitude that is the best
way to catch it," he said. "That's a great advantage of open
source...People are able to look at the code and check its security."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.