toggle

AAPL Stock: 113.99 ( + 1.98 )

Printed from http://www.macnn.com

Samba security flaw affects Mac OS X

updated 08:05 pm EDT, Tue May 29, 2007

Samba security flaw

Mac OS X's bundled open-source Samba software for connecting to and using Windows-based networks is vulnerable to attack, Symantec announced this week. As noted by Computerworld, symantec said that hackers can attack Mac OS X by exploiting an unpatched vulnerability in the open-source Samba file- and print-sharing software that's included with the operating system, but is not enabled by default. Samba is only enabled when Mac users turn on the Windows Sharing feature that allows Windows users to access files and printers on a Mac network: earlier this month, researchers discovered a multiple heap-based buffer overflow bugs, and the report indicates that exploits for the flaws have been released by penetration test suppliers. Symantec said that it was able to exploit the heap corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the default Samba installation.

Samba 3.025 was released to fix the multiple heap buffer overflow flaws on May 14th, followed by a bug-fix patch last week on May 24th (Samba 3.0.25a).

Apple last week released a security update that addressed 17 exploits and today released an update to QuickTime to address a few more; however, the company has not warned users of the possible exploit or provided any updates.

"The DeepSight Threat Analyst Team successfully exploited the heap corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the default Samba 3.0.10 application," Symantec wrote in an alert to customers of its threat network. "Exploitation differs from what has been demonstrated in public exploits, however it is likely that other researchers would be capable of quickly overcoming the technical quirks associated with the platform."

Symantec emphasized that while the software is not enabled by default, Apple has not released a Samba update since 2005--warning that users must upgrade to the latest, and secure version.

"Mac OS X users are advised to download and install the latest version of Samba 3.0.25 from the official website," the company told customers. "If this is not possible, the Windows Sharing service should be disabled until Apple issues an official update via the Software Update service."




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. jarod

    Joined: Dec 1969

    0

    Go figure

    The security issues affects the WINCRAP featureset. Doesn't that plague ever die???

  1. suhail

    Joined: Dec 1969

    0

    whatever…

    so i guess Symantec wants mac users to buy their software! I don't think so. Installing anti-virus software is notoeious for opens more security holes, slowing down your os, and causes frequent hang-ups, and frustration.

    no thanx.

  1. Guest

    Joined: Dec 1969

    0

    Windows Security

    One could make an argument that this vulnerability is a testament to the security of OS X compared to Windows. I doubt that any well-informed windows user would turn on file and print sharing and expose it to the internet without firewall protection.

    The news that doing so on the OS X *may* be risky highlights the relative security of OS X over Windows.

    Just my $0.02.

    Beeners

  1. LouZer

    Joined: Dec 1969

    0

    Re: windows security

    One could make an argument that this vulnerability is a testament to the security of OS X compared to Windows. I doubt that any well-informed windows user would turn on file and print sharing and expose it to the internet without firewall protection.

    Um, first off, there's nothing about this that talks about internet access.

    Second, one of the problems people always says about windows is that users aren't well-informed about security. There's nothing about Mac users that make them intrinsically more security-knowledgable.

    Third, turning on the firewall doesn't help. If you turn on your firewall to prevent access, well, guess what, you can't access the services you just turned on. So the firewall has to have the port open, which is how you access the flaw in the first place.

    BTW, suhail, there's a small problem with your comment. All anti-virus software doesn't have those issues you mentioned. Now, symantec Anti-virus (which is what i think you're talking about), that's a different story. I can't believe people install that software (and people I know who use it on Windows can't wait to find something else to replace it and its incessant pop-ups, warnings, etc).

  1. Guest

    Joined: Dec 1969

    0

    re: re: windows security

    Good points louzer. I appreciate your arguments.

    First, though not explicitly stated, I think that the internet is a key factor in exploiting this. If your internal network is compromised such that the threat is coming from inside, then you may have larger problems.

    Second, I agree completely. In fact, one could argue that since Macs have historically had fewer attack vectors, the users are more complacent and less security knowledgeable.

    Third, I apologize for my ambiguous wording in relation to firewalls. I was thinking of an external hardware based firewall, such as in a router, rather than the software firewall built into the OS. The scenario I envisioned was allowing local file and print sharing (inside the firewall), but blocking the big bad internet.

    You are absolutely correct that if you want to access windows file and print sharing services from the internet, blocking access via any firewall defeats the purpose.

    Beeners

  1. gskibum3

    Joined: Dec 1969

    0

    Little Voice Inside!

    I get a dirty feeling inside every time I make a trip into the System Preferences/Sharing pane and see the Windows File Sharing option. Turns out that little voice inside is right. LOL!

  1. gskibum3

    Joined: Dec 1969

    0

    Here we go again...

    More inane comments about Mac users and their lax attitude about security, yet not a single Mac has been compromised outside some pencil neck's basement in his mother's house.

    Yet we're supposed to feel inferior to the oh so intelligent PeeCee users, who use a platform filled with currently exploited vulnerabilities. Now tell me again, just who is it that's lax?

  1. fubar_this

    Joined: Dec 1969

    0

    Nothing to do w/Symantec

    This article has nothing to do with Symantec people. DeepSight Threat Management Services is an IT service that many large companies subscribe to. You pay mucho grande a year (10K and up) to be automatically warned when a threat is detected by their honeypots and researchers. As reported in the MacNN article, DeepSight TMS was simply sending an AUTOMATED alert. It has nothing to do with Symantec pushing its products. I get about 20 of these alerts per day. Computerworld is just publishing what they received in their alerts.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

DoxieGo Portable Scanner

Sometimes, people need to scan things, but having a computer at hand to do so isn't exactly feasible. Maybe it's the home of a relat ...

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

toggle

Most Commented