Update kills code-execution threat in Samba

Samba developers have warned of a software flaw that allows attackers to remotely execute malicious code on systems running the widely used file-sharing package. Version 3.5.5, which was released on Tuesday, fixes the underlying buffer overrun in functions used to generate a credential known as a Windows Security ID. It can be …

COMMENTS

This topic is closed for new posts.

Have to admit

For various reasons I've been asked to scrub up on iOS development. I nearly screamed like a little girl when I opened the coding manual and saw the keyword "malloc". Noooooooooo!


Re: No No No No No

You are using the "guns don't kill people, people do" argument - C doesn't write insecure programs, programmers do. Are you not?

One could compare USA and Canada on gun-related crime, but that ignores the rich - poor divide, and large versus small social groups; Switzerland is relatively crime free.


Hmmm

In non-ironic mode I mean to say that C is a rusty, yet sharp knife welded to a rusty but functional AK-47 with silencer and a 1000 round magazine attached.

You can choose the following options to mutilate yourself:

A) poison blood from rust while trying to cut butter

B) silently shoot your missus with the first 100 rounds while dropping C from the breakfast table

C) silently shoot your whole family while using C to eat a part of your wedding cake

Police will notice only one month later, as C's silencer is working very well.

Oh, I forgot it has 100 meters of rope attached which you can use to strangulate yourself while trying to lower yourself from your mistress' second floor window to the ground. C's cloak will certainly deploy and only the circling ravens will notify the living of your death three weeks ago.


Need root password ???

Excuse me, but if somebody has a root password, your problems will be far more important than having a remote code execution by a stack overflow in Samba.


Probably ...

It's *possible* that your attacker doesn't have access to anything except the Samba (CIFS, Windows) ports, because the system is a fileserver for Windows and any other access is being blocked by the system's firewall except from a few physically secure management systems.

Not very likely, though. In general if an attacker has your root password, you've lost.


Surprise

Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft?

People need to give themselves a shake and stop using MS products!


Errrr...

Um....

Someone wanna tell him? (Her?) (It?)

Anonymous Coward

Words

Fail me.


Re: Surprise

A long long time ago, it was rumoured that if you created an ordinary user account named "root" on an MSDOS/Windows machine, when you connected to a Unix machine, that machine would assume you were that Unix machine's system-admin. Obviously, that is MS Windows' fault.

Samba is the effort of reverse engineering MS's file-server and RPC protocols to serve Linux files to Windows machines, because Microsoft wanted the ability to lock users into Windows and did not want to use the several standard systems available.

Anonymous Coward

It's ironic!

I stole that comment from here: http://www.theregister.co.uk/2010/09/14/web_apps_crypto_flaw/

Crap attempt at hilarity, I'll use the joke icon next time....


Re: Errrr...

You had it right the third time.

"It" is the correct pronoun for a Troll, even a misguided one.


Ummm

Actually, the Samba team have access to the specs these days.


buh?

[fish eyed stare]


Root

Says it all really.
