Tuesday, November 30, 2021

Samba warns users about security misstep

A potentially critical flaw in earlier versions of the open-source Samba file server product has prompted the developer to warn users to “immediately” upgrade to the latest version.

Samba – a Windows server alternative designed for Unix and Linux servers – is a freely available open source software suite which enables file and print services to Server Message Block/Common Internet File System (SMB/CIFS) clients.

The Samba organization reported Tuesday that the security flaw appears in versions 2.0.x to 2.2.7a of the software, and recommended users upgrade immediately to version 2.2.8.

Unchecked, the flaw enables unauthorized users unrestricted privileges and remote access to the server running Samba.

If users, Samba noted, are unable to upgrade machines currently running the Samba server, they should block access to TCP (Transmission Control Protocol) ports 139 and 444.

The latest Samba release can be found at: www.download.samba.org/samba/ftp.

The Samba team also said that the SMB/CIFS protocol implemented by Samba is vulnerable to many attacks, even without specific security holes. The TCP ports 139 and the new port 445 used by Windows 2000, and the Samba 3.0 alpha code in particular, should never be exposed to untrusted networks, the group said.

– With files from IDG News Service

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada

Related Tech News