Samba remote code execution vulnerability, Patch Released !

Samba is an award-winning free software file, print and authentication server suite for Windows clients. The project was begun by Australian Andrew Tridgell.

There is a serious remotely exploitable vulnerability in the Samba open-source software that could enable an attacker to gain root privileges without any authentication. The bug is in all versions of Samba from 3.0.x to 3.6.3, but has been fixed in Samba 3.6.4, which is the current stable release.

The vulnerability was discovered by security researcher Brian Gorenc and an unnamed colleague, working for the Zero Day Initiative. The flaw, which is located in the code generator for Samba's remote procedure call (RPC) interface, makes it possible for clients on the network to force the Samba server to execute arbitrary code.

Three new security releases (Samba 3.4.16, Samba 3.5.14, Samba 3.6.4) for currently supported versions have been issued over at samba.org/samba/security. Patches against older Samba versions are available at samba.org/samba/patches.

Most at risk here is the compromise of Linux-embedded systems that use Samba, and many of these device vendors are notorious for not regularly patching these systems. This makes this vulnerability an attractive target for exploit writers, both for integration in commercial and free penetration testing tools like Metasploit, as well as for use in malicious attacks.