Security News

New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root
2022-02-01 19:56

Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations. Chief among them is CVE-2021-44142, which impacts all versions of Samba before 4.13.17 and concerns an out-of-bounds heap read/write vulnerability in the VFS module "Vfs fruit" that provides compatibility with Apple SMB clients.

Samba bug can let remote attackers execute code as root
2022-01-31 21:15

Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software. Samba is an SMB networking protocol re-implementation that provides file sharing and printing services across many platforms, allowing Linux, Windows, and macOS users to share files over a network.

Kali Linux 2021.4 released: Wider Samba compatibility, The Social-Engineer Toolkit, new tools, and more!
2021-12-09 17:28

Offensive Security released Kali Linux 2021.4, which comes with a number of improvements: wider Samba compatibility, switching package manager mirrors, enhanced Apple M1 support, Kaboxer theming, updates to Xfce, GNOME and KDE, Raspberry Pi Zero 2 W + USBArmory MkII ARM images, as well as new tools. Starting Kali Linux 2021.4, the Samba client is now configured for Wide Compatibility so that it can connect to pretty much every Samba server out there, regardless of the version of the protocol in use.

S3 Ep59: Emotet, an FBI hoax, Samba bugs, and a hijackable suitcase [Podcast]
2021-11-18 19:00

Emotet malware: "The report of my death was an exaggeration" FBI email hack spreads fake security alerts Tech history: Why tubes are valves, and valves are tubes. Samba update patches plaintext password plundering The hijackable self-driving robot suitcase Oh! No! A virtual-versus-real monitor mixup.

Samba update patches plaintext password plundering problem
2021-11-12 19:59

That's where someone monitors the SMB1 traffic on your network, and replies to new users on your network to say, "Oh, really sorry, we're very old fashioned here. Please don't send encrypted passwords to log in, use plaintext passwords instead.". Before you blame Samba for having had this bug stop to think that you shouldn't still be using SMB1 at all, and that Samba, like Windows, doesn't enable it by default.

Samba Issues Patches for Zerologon Vulnerability
2020-09-23 11:47

The Samba team has released patches for a critical-severity elevation of privilege vulnerability impacting the Microsoft Windows Netlogon Remote Protocol. With Zerologon being a protocol-level vulnerability and Samba implementing the Netlogon protocol, Samba is also vulnerable to the bug, when used as domain controller only.

As you're scrambling to patch the scary ZeroLogon hole in Windows Server, don't forget Samba – it's also affected
2020-09-22 21:49

Administrators running Samba as their domain controllers should update their installations as the open-source software suffers from the same ZeroLogon hole as Microsoft's Windows Server. We're told Samba running as an Active Directory or classic NT4-style domain controller is at risk, and although file-server-only installations are not directly affected, "They may need configuration changes to continue to talk to domain controllers."

How to auto mount FAT32-formatted drives in Samba
2018-11-16 18:22

You might have a FAT32-formatted drive that needs to be shared out to users. To do that with write permissions, you must make use of fstab. Jack Wallen shows you how.

Samba Patches Two Critical Vulnerabilities in Server Software
2018-03-13 16:56

Samba released fixes for its networking software to address two critical vulnerabilities that allowed attackers to change admin password or launch DoS attacks.

Update Samba Servers Immediately to Patch Password Reset and DoS Vulnerabilities
2018-03-13 10:18

Samba has just released new security patches for two critical vulnerabilities that could allow unprivileged remote attackers to launch DoS attacks against servers and change any other users'...