Security News
Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations. Chief among them is CVE-2021-44142, which impacts all versions of Samba before 4.13.17 and concerns an out-of-bounds heap read/write vulnerability in the VFS module "Vfs fruit" that provides compatibility with Apple SMB clients.
Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software. Samba is an SMB networking protocol re-implementation that provides file sharing and printing services across many platforms, allowing Linux, Windows, and macOS users to share files over a network.
Offensive Security released Kali Linux 2021.4, which comes with a number of improvements: wider Samba compatibility, switching package manager mirrors, enhanced Apple M1 support, Kaboxer theming, updates to Xfce, GNOME and KDE, Raspberry Pi Zero 2 W + USBArmory MkII ARM images, as well as new tools. Starting Kali Linux 2021.4, the Samba client is now configured for Wide Compatibility so that it can connect to pretty much every Samba server out there, regardless of the version of the protocol in use.
Emotet malware: "The report of my death was an exaggeration" FBI email hack spreads fake security alerts Tech history: Why tubes are valves, and valves are tubes. Samba update patches plaintext password plundering The hijackable self-driving robot suitcase Oh! No! A virtual-versus-real monitor mixup.
That's where someone monitors the SMB1 traffic on your network, and replies to new users on your network to say, "Oh, really sorry, we're very old fashioned here. Please don't send encrypted passwords to log in, use plaintext passwords instead.". Before you blame Samba for having had this bug stop to think that you shouldn't still be using SMB1 at all, and that Samba, like Windows, doesn't enable it by default.
The Samba team has released patches for a critical-severity elevation of privilege vulnerability impacting the Microsoft Windows Netlogon Remote Protocol. With Zerologon being a protocol-level vulnerability and Samba implementing the Netlogon protocol, Samba is also vulnerable to the bug, when used as domain controller only.
Administrators running Samba as their domain controllers should update their installations as the open-source software suffers from the same ZeroLogon hole as Microsoft's Windows Server. We're told Samba running as an Active Directory or classic NT4-style domain controller is at risk, and although file-server-only installations are not directly affected, "They may need configuration changes to continue to talk to domain controllers."
You might have a FAT32-formatted drive that needs to be shared out to users. To do that with write permissions, you must make use of fstab. Jack Wallen shows you how.
Samba released fixes for its networking software to address two critical vulnerabilities that allowed attackers to change admin password or launch DoS attacks.
Samba has just released new security patches for two critical vulnerabilities that could allow unprivileged remote attackers to launch DoS attacks against servers and change any other users'...