June 14, 2021

Samaba Updated to Close Nine-Year-Old Security Hole

(LiveHacking.Com) – A new version of Samaba has been released to fix a nine year old security vulnerability that allows remote code execution as the “root” user from an anonymous connection. All versions of Samaba from Samba 3.0.x to 3.6.3 are affected. Samba 3.0.x was released in 2003 meaning that the vulnerability has been in the code base for almost a decade!

According to the security advisory the “code generator for Samba’s remote procedure call (RPC) code contained an error which caused it to generate code containing a security flaw. This generated code is used in the parts of Samba that control marshalling and unmarshalling of RPC calls over the network.” The problem revolves around memory allocation length checks which can be controlled by the connecting client. This means that a specially crafted RPC call can be used to cause the server to execute arbitrary code.

This is the most serious type vulnerability possible as it does not require an authenticated connection. Users and vendors are encouraged to patch their Samba installations immediately.

Affected Operating Systems

Samba is the open source implementation of the SMB/CIFS networking protocol used predominantly by Windows. It enables file and print sharing between Windows, Mac OS X, Linux and FreeBSD machines and often comes pre-installed on popular Linux distributions and is included in OS X from Apple.

Samba is also included on certain embedded devices like network storage and media sharing devices. Due to their embeedded nature it is likely that a new firmware release will be needed from the manufacturers, which in many cases won’t happen. If you use such a device you need to only use it on a trusted network.

The open source network attached storage solution FreeNAS has been updated to include the fixes. FreeNAS-8.0.4-RELEASE-p1 contains Samba 3.6.4 and can be downloaded from https://sourceforge.net/projects/freenas/files/FreeNAS-8.0.4/

Patch Availability

Patches are now available at http://www.samba.org/samba/security. Samba 3.6.4, Samba 3.5.14 and 3.4.16 have been released to correct the defect and due to the seriousness of this vulnerability, patches have been released for all Samba versions currently out of support and maintenance from 3.0.37 onwards.