Samba warns users about security misstep

A potentially critical flaw in earlier versions of the open-source Samba file server product has prompted the developer to warn users to “immediately” upgrade to the latest version.

Samba – a Windows server alternative designed for Unix and Linux servers – is a freely available open source software suite which enables file and print services to Server Message Block/Common Internet File System (SMB/CIFS) clients.

The Samba organization reported Tuesday that the security flaw appears in versions 2.0.x to 2.2.7a of the software, and recommended users upgrade immediately to version 2.2.8.

Unchecked, the flaw enables unauthorized users unrestricted privileges and remote access to the server running Samba.

If users, Samba noted, are unable to upgrade machines currently running the Samba server, they should block access to TCP (Transmission Control Protocol) ports 139 and 444.

The latest Samba release can be found at:

The Samba team also said that the SMB/CIFS protocol implemented by Samba is vulnerable to many attacks, even without specific security holes. The TCP ports 139 and the new port 445 used by Windows 2000, and the Samba 3.0 alpha code in particular, should never be exposed to untrusted networks, the group said.

– With files from IDG News Service