Security News
Astonishingly, the CVE-2022-38023 vulnerability existed in the first place because both Windows and Samba still supported a style of integrity protection based on the long-deprecated hashing algorithm MD5. Simply put, network authentication using Microsoft's version of the Kerberos protocol still allowed data to be integrity-protected using flawed cryptography. Assuming a reliable algorithm, with no exploitable weaknesses, you'd expect that a hash with X bits of output would need about 2X-1 tries to find a second input that collided with the hash of an existing file.
Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022.
Samba is a widely-used open source toolkit that not only makes it easy for Linux and Unix computers to talk to Windows networks, but also lets you host a Windows-style Active Directory domain without Windows servers at all. Anyone with a long enough memory will recall, probably without a tremendous amount of affection, hooking up OS/2 computers to share files using SMB over NetBIOS. Samba started life in the early 1990s thanks to the hard work of Australian open source pioneer Andrew Tridgell, who figured out from first principles how SMB worked so that he could implement a compatible version for Unix while he was busy with his PhD at the Australian National University.
Western Digital has fixed a critical severity vulnerability that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices. This flaw is an out-of-bounds heap read/write in the Samba vfs fruit VFS module.
February 2022 Patch Tuesday forecast: A rough start for 2022January 2022 Patch Tuesday was a rough one for Microsoft - and us. Samba bug may allow code execution as root on Linux machines, NAS devicesA critical vulnerability in Samba, a widely used open source implementation of the Server Message Block networking protocol, could allow attackers to execute arbitrary code as root on affected Samba installations.
Six months after LibreOffice 7.2, version 7.3 is out with faster and more accurate file importing and rendering for improved compatibility with Microsoft Office. The new release is the latest "Fresh" version.
A critical vulnerability in Samba, a widely used open source implementation of the Server Message Block networking protocol, could allow attackers to execute arbitrary code as root on affected Samba installations. Several updated versions of Samba have been released on Monday, fixing CVE-2021-44142 and two other flaws, but since the software is included in most Linux and Unix-like operating systems, users of those are advised to keep an eye out for specific updates by those developer teams.
A critical severity vulnerability in the Samba platform could allow attackers to gain remote code execution with root privileges on servers. Samba is an interoperability suite that allows Windows and Linus/Unix-based hosts to work together and share file and print services with multiplatform devices on a common network, including SMB file-sharing.
Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations. Chief among them is CVE-2021-44142, which impacts all versions of Samba before 4.13.17 and concerns an out-of-bounds heap read/write vulnerability in the VFS module "Vfs fruit" that provides compatibility with Apple SMB clients.
Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software. Samba is an SMB networking protocol re-implementation that provides file sharing and printing services across many platforms, allowing Linux, Windows, and macOS users to share files over a network.