The developers of Samba yesterday released new versions and security patches to address a critical vulnerability that can be exploited by remote attackers to execute code as the "root" user from an anonymous connection. All Samba versions between 3.0.x and 3.6.3 (inclusive) are affected. Given that 3.0.25 was released in 2007, the vulnerability has been present in Samba for some five years, as pointed out by ZDNet reader Jeremy Allison.
The company has issued patches addressing the security flaw for currently supported versions of Samba (3.4.x, 3.5.x, and 3.6.x), and Samba administrators are being urged to update. In fact, due to how serious the vulnerability is, patches have been released for all Samba versions from 3.0.37 onwards, even though most of them are currently out of support.
Here's how Samba described the flaw in its security bulletin (CVE-2012-1182):
The code generator for Samba's remote procedure call (RPC) code contained an error which caused it to generate code containing a security flaw. This generated code is used in the parts of Samba that control marshalling and unmarshalling of RPC calls over the network.
The flaw caused checks on the variable containing the length of an allocated array to be done independently from the checks on the variable used to allocate the memory for that array. As both these variables are controlled by the connecting client it makes it possible for a specially crafted RPC call to cause the server to execute arbitrary code.
As this does not require an authenticated connection it is the most serious vulnerability possible in a program, and users and vendors are encouraged to patch their Samba installations immediately.
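The bug class the bulletin describes, as an added example that is not Samba's generated code: two client-supplied fields are each validated on their own, and the hardened path adds the check that ties the copy length to the allocation size. The wire format, the names and the MAX_ELEMS limit are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy wire format (constructed for this example, not Samba's NDR layout):
 * [u32 alloc_count][u32 length][length x u32 elements], host byte order. */
#define MAX_ELEMS 1024u
struct msg { const uint8_t *data; size_t size; };

/* Constructed samples: {alloc_count, length, elements...} */
static const uint32_t MISMATCHED[] = {2, 4, 10, 11, 12, 13};
static const uint32_t CONSISTENT[] = {4, 4, 10, 11, 12, 13};

static struct msg as_msg(const uint32_t *words, size_t n) {
    struct msg m = { (const uint8_t *)words, n * sizeof *words }; return m;
}

static int read_u32(const struct msg *m, size_t off, uint32_t *out) {
    if (off > m->size || m->size - off < 4) return -1;
    memcpy(out, m->data + off, 4);
    return 0;
}

/* Flawed pattern: each client field is validated on its own, never against
 * the other. Returns 1 if the message would be accepted; nothing is copied. */
int accepts_independent(const struct msg *m) {
    uint32_t alloc_count, length;
    if (read_u32(m, 0, &alloc_count) || read_u32(m, 4, &length)) return 0;
    if (alloc_count > MAX_ELEMS) return 0;        /* sizes the allocation */
    if (length > (m->size - 8) / 4) return 0;     /* bounds the read only */
    return 1;   /* length may still exceed alloc_count */
}

/* Hardened: the copy length is tied to the allocation size before any write.
 * Returns a heap array holding *n elements, or NULL if the message is rejected. */
uint32_t *unmarshal_linked(const struct msg *m, uint32_t *n) {
    uint32_t alloc_count, length;
    if (read_u32(m, 0, &alloc_count) || read_u32(m, 4, &length)) return NULL;
    if (alloc_count == 0 || alloc_count > MAX_ELEMS) return NULL;
    if (length > alloc_count) return NULL;        /* the missing link */
    if (length > (m->size - 8) / 4) return NULL;
    uint32_t *arr = calloc(alloc_count, sizeof *arr);
    if (!arr) return NULL;
    memcpy(arr, m->data + 8, (size_t)length * 4);
    *n = length;
    return arr;
}
int main(void) { struct msg b = as_msg(MISMATCHED, 6); uint32_t n = 0;
    return !(accepts_independent(&b) && !unmarshal_linked(&b, &n)); }
```

The mismatched sample passes the independent checks but is rejected once the two fields are compared, which is the relationship the generated code failed to enforce.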
Samba is the open source software that enables file and print sharing between Windows, Mac OS X, and Linux computers. It comes pre-installed on most Linux distributions, as well as on Apple's Mac OS X Server.
Samba is also included on many UNIX-based devices, such as network printers and network storage, as well as other media and file-sharing devices, to facilitate transferring files between them and Windows systems. These installations are more difficult to patch, since Samba is embedded and probably can't be updated.