The Samba Team released a patch on Monday for the second major security flaw found in the past few weeks in the open-source group's widely used program for sharing Windows files between Unix and Linux systems. The security problem could easily let an attacker compromise any Samba server connected to the Internet. The vulnerability is unrelated to the previous flaw, for which Samba released a patch on March 17.
"If it was related to the previous flaw, we would have found it when we audited the code," said Jeremy Allison, co-author of Samba and a leader of the Samba Team. "This has been in the code for seven or eight years."
The vulnerability, found by security firm Digital Defense, is already being used by online attackers to compromise vulnerable servers, the company warned in an advisory. "Samba users are urged to check their Samba servers for compromise," the San Antonio-based company stated in the warning. "Samba and Digital Defense Inc. decided to release their advisories before all vendors had a chance to update their packages due to this vulnerability being actively exploited."
News source: ZDNet