Monday, November 15, 2004

Samba Vulnerability

Happy Diwali to all my readers once again.

All of us are using Samba or have maybe tried it at some time or other. iDEFENSE has reported a vulnerability in Samba. An attacker could cause high CPU load (processing), resulting in a denial of service for users.

The affected versions are Samba 3.0.x <= 3.0.7.

The Samba developers suggest upgrading to the latest version ASAP. For those who cannot do so for the time being, Samba has suggested the recommendations below.

  • Limiting the number of concurrent connections
  • Using host based protection
  • Using interface protection
  • Using a firewall
  • Using an IPC$ share deny
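
Four of these recommendations map onto smb.conf settings, and the fragment below shows them together. It is an added example, not taken from the original post or from the Samba advisory. The network 192.168.10.0/24, the interface name eth0 and the limit of 50 are constructed values, and using `max smbd processes` for the connection limit is an assumption about which parameter is meant.

```ini
# Added example: smb.conf fragment for an unpatched server.
# All addresses, interface names and limits are constructed values.

[global]
    # Limiting the number of concurrent connections:
    # cap how many smbd processes may run at once
    # (the default of 0 means no limit).
    max smbd processes = 50

    # Host based protection:
    # accept clients only from loopback and the trusted LAN,
    # refuse everything else.
    hosts allow = 127.0.0.1 192.168.10.0/24
    hosts deny = 0.0.0.0/0

    # Interface protection:
    # listen only on the internal interface and loopback,
    # not on any Internet-facing interface.
    interfaces = eth0 lo
    bind interfaces only = yes

# IPC$ share deny:
# restrict the IPC$ share to the trusted LAN even if other
# shares are reachable from a wider set of hosts.
[IPC$]
    hosts allow = 192.168.10.0/24 127.0.0.1
    hosts deny = 0.0.0.0/0

# Using a firewall (configured outside smb.conf):
# Samba listens on UDP/137, UDP/138, TCP/139 and TCP/445;
# allow those ports only from the trusted network.
```

Run `testparm` to check the file for errors before restarting smbd.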

If you wanna know more on how to do it, you can either ping me :D or check out the well-documented Samba web page here.

The source of this info was Gentoo Security Advisory #GLSA 200411-21 / samba and the samba release on the website.


