Mac OS X ships an outdated and vulnerable version of Samba, the open-source file and print server, according to Symantec's DeepSight Threat Analyst Team. The vulnerabilities, first published on May 14, are multiple heap-based buffer overflows in Samba's parsing of NDR (Network Data Representation) remote procedure call requests, and they affect Samba 3 versions prior to 3.0.25. The DeepSight team recently found that Mac OS X includes Samba 3.0.10 and that Samba has not been updated on the Mac platform since that version, according to a May 26 team journal entry. On the same day, the team exploited the heap-corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the bundled Samba 3.0.10.
Samba does not run on Mac OS X by default; it starts only when the "Windows Sharing" service is enabled under the Sharing pane of System Preferences. The DeepSight team says machines on mixed-platform networks may be more likely to have that option turned on. The team advises Mac OS X users to upgrade to the latest Samba release, 3.0.25, from Samba's official site, or otherwise to disable Windows Sharing until Apple issues an official update through its Software Update service. It also advises clicking the padlock in the Sharing pane, so that an administrator password is required before the service can be re-enabled, to guard against it being switched back on inadvertently.
This command can confirm whether Samba is running (if the command returns data, the service is still running):
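The article's own command is not reproduced on this page. The script below is an added example, not the article's or the Samba project's code, that performs the same check and goes one step further by reporting whether the installed Samba predates the fixed 3.0.25 release. It assumes smbd is on PATH and that `smbd -V` prints a line of the form `Version 3.0.10`, as Samba 3.x does; the running-process check reads the process table with `ps`.

```sh
#!/bin/sh
# Added example (not the article's own command): report whether smbd is
# running and whether the installed Samba predates the fixed 3.0.25 release.
# Assumes: smbd is on PATH and 'smbd -V' prints "Version X.Y.Z" (the format
# Samba 3.x uses); the fixed version number is the one the article names.

FIXED_VERSION="3.0.25"

# version_lt A B: succeed (exit 0) when dotted version A sorts before B,
# comparing field by field as integers. A trailing letter such as "25a"
# is ignored so that "3.0.25a" is not mistaken for an old release.
version_lt() {
    a="$1"
    b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; ai="${ai%%[!0-9]*}"; [ -z "$ai" ] && ai=0
        bi="${b%%.*}"; bi="${bi%%[!0-9]*}"; [ -z "$bi" ] && bi=0
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1
}

# assess_version "<smbd -V output>": print "vulnerable X", "fixed X" or
# "unknown" (when the output does not look like a Samba version banner).
assess_version() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^Version \([0-9][0-9.A-Za-z]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo "unknown"
        return 2
    fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable $ver"
        return 1
    fi
    echo "fixed $ver"
    return 0
}

# smbd_running: succeed when an smbd process is present in the process table.
smbd_running() {
    ps -A -o comm= 2>/dev/null | grep -q 'smbd'
}

# report: the check a user would run after following the article's advice.
report() {
    if smbd_running; then
        echo "smbd is running: Windows Sharing is still enabled"
    else
        echo "smbd is not running"
    fi
    if command -v smbd >/dev/null 2>&1; then
        assess_version "$(smbd -V 2>/dev/null)" || true
    else
        echo "unknown (smbd not found on PATH)"
    fi
}

report
```

Run it after turning Windows Sharing off: if smbd still shows as running, the service has not actually been stopped. The version line matters when the upgrade route is taken instead, because a source build of Samba installs under its own prefix (/usr/local/samba by default) rather than over the system copy, so the smbd that Windows Sharing launches should be checked, not just whichever one happens to be first on PATH.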
News source: eWeek