Samba servers vulnerable to denial-of-service attacks
Two relatively minor flaws could crash systems running version 3 of Samba or make them unresponsive. Samba is an open-source software package that allows Windows files and printers to be shared by Unix and Linux systems.
The flaws, known as denial-of-service vulnerabilities, could be used to disconnect Samba servers from the network, either by overrunning the computer's memory to such an extent that it cannot function or by sending a specially crafted network request that would crash the NetBIOS function.
"We have not had any reports in the wild of these" flaws being used by attackers, said Gerald Carter, a member of the Samba Team.
The Samba open-source software project has had its share of flaws since version 3.0 was published a year ago, including two vulnerabilities announced in July and another vulnerability reported in February. The current release, 3.0.7, fixes the two denial-of-service issues. The flaws do not affect versions of the software prior to 3.0.
Security information provider Secunia rated the flaws "less critical," the company's second-lowest threat rating.