Samba developers have warned of a software flaw that allows attackers to remotely execute malicious code on systems running the widely used file-sharing package. Version 3.5.5, which was released on Tuesday, fixes the underlying buffer overrun in functions used to generate a credential known as a Windows Security ID. It can be …
Have to admit
For various reasons I've been asked to scrub up on iOS development. I nearly screamed like a little girl when I opened the coding manual and saw the keyword "malloc". Noooooooooo!
Re: No No No No No
You are using the "guns don't kill people, people do" argument - C doesn't write insecure programs, programmers do. Are you not?
One could compare the USA and Canada on gun-related crime, but that ignores the rich-poor divide, and large versus small social groups; Switzerland is relatively crime-free.
In non-ironic mode I mean to say that C is a rusty, yet sharp knife welded to a rusty but functional AK-47 with silencer and a 1000 round magazine attached.
You can choose the following options to mutilate yourself:
A) poison blood from rust while trying to cut butter
B) silently shoot your missus with the first 100 rounds while dropping C from the breakfast table
C) silently shoot your whole family while using C to eat a part of your wedding cake
Police will notice only one month later, as C's silencer is working very well.
Oh, I forgot it has 100 meters of rope attached which you can use to strangulate yourself while trying to lower yourself from your mistress' second floor window to the ground. C's cloak will certainly deploy and only the circling ravens will notify the living of your death three weeks ago.
Need root password ???
Excuse me, but if somebody has a root password, your problems will be far more important than having a remote code execution by a stack overflow in Samba.
It's *possible* that your attacker doesn't have access to anything except the Samba (CIFS, Windows) ports, because the system is a fileserver for windows and any other access is being blocked by the system's firewall except from a few physically secure management systems.
Not very likely, though. In general if an attacker has your root password, you've lost.
Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft?
People need to give themselves a shake and stop using MS products!
Someone wanna tell him? (Her?) (It?)
A long, long time ago, it was rumoured that if you created an ordinary user account named "root" on an MSDOS/Windows machine, when you connected to a Unix machine, that machine would assume you were that Unix machine's system-admin. Obviously, that is MS Windows' fault.
Samba is the effort of reverse engineering MS's file-server and RPC protocols to serve Linux files to Windows machines, because Microsoft wanted the ability to lock users into Windows and did not want to use the several standard systems available.
I stole that comment from here: http://www.theregister.co.uk/2010/09/14/web_apps_crypto_flaw/
crap attempt at hilarity, I'll use the joke icon next time....
You had it right the third time.
"It" is the correct pronoun for a Troll, even a misguided one.
Actually, the Samba team have access to the specs these days.
[fish eyed stare]
Says it all really.