
Remote root hole in Samba  - wglb
http://lwn.net/Articles/491516/rss
======
obituary_latte
Has this remote root really been around for ten years?

<http://lwn.net/Articles/491523/>

edit:

Samba 3.0.x - 3.6.3

<http://www.samba.org/samba/history/samba-3.0.0.html>

So... yeah... 9 years. Wow.

~~~
fromhet
Yeah, this is indeed exceptional. How can that really happen?

~~~
getsat
Maybe the proverbial "eyes" are on other projects or something?

~~~
yuhong
Well, this bug was in auto-generated RPC code.

------
tptacek
Don't have SMB exposed on any public network anywhere ever.

~~~
throwaway54-762
So you want every client on your private network to have root access to your
SMB server? Remote root is a problem if you have any networked clients.

~~~
ajross
He means that SMB is not a secure protocol and can't be run securely over an
untrusted network at all. Vulnerabilities within a private network are a
different class of problem. Obviously you should upgrade/patch and pull the
fix. But if (say) the operation of your 20-person company depends on a live
Samba instance, you might logically make the decision to leave it unpatched on
your internal network for a day or so until you have time to test the upgrade.

------
caf
The bugzilla entry (<https://bugzilla.samba.org/show_bug.cgi?id=8815>)
contains reproducers for the issue.

------
wglb
More detail here: <https://www.samba.org/samba/security/CVE-2012-1182>.

------
rainbo
How nice, now there's a public POC for a remote root exploit in a very widely
used file-sharing service.

<https://bugzilla.samba.org/attachment.cgi?id=7433>

