No Dancing Around: Samba Shuts DoS Hole

Wednesday, February 1, 2012 @ 02:02 PM gHale


Samba developers released a security update to the Samba Windows interoperability suite for Unix.

Version 3.6.3 of Samba was published just four days after the release of the new stable version, Samba 3.6.2. The security update addresses a memory leak that consumes a small amount of memory when the smbd daemon is handling connection requests. If an attacker made repeated connection requests, this flaw could end up causing a denial of service.


The flaw exists in Samba versions 3.6.0 to 3.6.2 – the fix for this flaw is the only difference in 3.6.3 compared to 3.6.2. A patch for Samba 3.6.2 is on Samba’s security releases page, while the full source code for Samba 3.6.3 is available to download from the Samba download page.

The 3.6.2 release included a change to make Winbind receive user/group information and fixed several problems with the SMB2 implementation. There were also fixes for crashing bugs in the spooler or when browsing printers and corrections to buffer overflows and double free issues. Details of all the changes in Samba 3.6.2 are in the changelog for that release.

Samba provides many Unix and Linux systems with the ability to share files with Windows systems by implementing the SMB, SMB2 and CIFS protocols. It is free software under the GPLv3 license.


