Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

Ubuntu 14.10: USN-2508-1 Moderate Samba Remote Code Execution Threat

ubuntu
Calendar Grey February 23, 2015
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-2508-1 addresses a significant samba flaw that may enable unauthorized execution of applications with administrative privileges.
Samba could be made to run programs as an administrator if it received specially crafted network traffic.

Summary

Samba could be made to run programs as an administrator if it received

specially crafted network traffic.

Software Description:

- samba: SMB/CIFS file, print, and login server for Unix

Details:

Richard van Eeden discovered that the Samba smbd file services incorrectly

handled memory. A remote attacker could use this issue to possibly execute

arbitrary code with root privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  samba                           2:4.1.11+dfsg-1ubuntu2.2

Ubuntu 14.04 LTS:
  samba                           2:4.1.6+dfsg-1ubuntu2.14.04.7

Ubuntu 12.04 LTS:
  samba                           2:3.6.3-2ubuntu2.12

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2508-1

CVE-2015-0240

Severity
important
Lowest
Low
Medium
High
Critical

February 23, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.