85160670 (banned)
"If U know neither the enemy nor yoursel
join:2013-09-17
Edmonton, AB

Member

Samb-AAH! Scary remote execution vuln spotted in Windows-Linux interop code

Ouch... "Microsoft finds critical bug that hurts most recent Linuxes" ... "Linux admins were sent scrambling to patch their boxes on Monday after a critical vulnerability was revealed in Samba, the open source Linux-and-Windows-compatibility software.

The bug, which has been designated CVE-2015-0240, lies in the smbd file server daemon. Samba versions 3.5.0 through 4.2.0rc4 are affected, the Samba Project said in a security alert.

An attacker who successfully exploits the flaw could potentially execute code remotely with root privileges, the project's developers warned. Root access is automatic and no login or authentication is necessary.

Samba is an open source software stack that allows Linux machines to act as both clients and servers for file and print services based on Microsoft's SMB/CIFS protocol. It also lets Linux integrate with Active Directory.

Because it ships with a wide range of Linux distributions, a great many systems could potentially be affected – although just how vulnerable a given system is to attack will depend on which distro it's running and at which patch level. Samba is also sometimes installed as a component of *BSD and OS X systems.

Red Hat's product security team has a more detailed analysis of the bug, which you can view here. The firm says that Red Hat Enterprise Linux versions 5 through 7 are affected, as are Red Hat Storage Server versions 2.1 and 3. The vuln is considered critical for all of the affected products with the exception of RHEL 7, where it's been ranked as merely "important."

Other distros have similarly posted security alerts, including Debian, Suse, and Ubuntu." ... [ »www.theregister.co.uk/20 ··· on_vuln/ ]

jimkyle
Btrieve Guy
Premium Member
join:2002-10-20
Oklahoma City, OK

Premium Member

My Xubuntu system has already updated to fix this one. Hopefully all other *buntu variants are as speedy.