updated 08:05 pm EDT, Tue May 29, 2007
Samba security flaw
Mac OS X's bundled open-source Samba software for connecting to and using Windows-based networks is vulnerable to attack, Symantec announced this week. As noted by Computerworld, Symantec said that hackers can attack Mac OS X by exploiting an unpatched vulnerability in the open-source Samba file- and print-sharing software that is included with the operating system but is not enabled by default. Samba is only enabled when Mac users turn on the Windows Sharing feature, which allows Windows users to access files and printers on a Mac network. Earlier this month, researchers discovered multiple heap-based buffer overflow bugs, and the report indicates that exploits for the flaws have been released by penetration-test suppliers. Symantec said that it was able to exploit the heap corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the default Samba installation.
Samba 3.0.25 was released on May 14th to fix the multiple heap buffer overflow flaws, followed by a bug-fix release (Samba 3.0.25a) last week on May 24th.
Apple last week released a security update that addressed 17 exploits, and today it released an update to QuickTime to address a few more; however, the company has not warned users of the possible exploit or provided any updates.
"The DeepSight Threat Analyst Team successfully exploited the heap corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the default Samba 3.0.10 application," Symantec wrote in an alert to customers of its threat network. "Exploitation differs from what has been demonstrated in public exploits; however, it is likely that other researchers would be capable of quickly overcoming the technical quirks associated with the platform."
Symantec emphasized that while the software is not enabled by default, Apple has not released a Samba update since 2005, warning that users must upgrade to the latest, secure version.
"Mac OS X users are advised to download and install the latest version of Samba 3.0.25 from the official website," the company told customers. "If this is not possible, the Windows Sharing service should be disabled until Apple issues an official update via the Software Update service."
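The two checks an administrator would want after reading that advice are whether Windows Sharing is actually exposing an smbd process and whether the installed Samba predates the 3.0.25 fix release. The following POSIX sh script is an added example, not code from the article, Symantec, Samba or Apple. It assumes `smbd -V` prints a line of the form "Version 3.0.10" (the format Samba 3.0 uses) and that `ps -axo comm` lists process names; the version strings in the comments and tests are constructed from the releases the article names.

```shell
#!/bin/sh
# Added example (not from the article): check whether an installed Samba
# is older than the 3.0.25 fix release and whether smbd is running, i.e.
# whether Windows Sharing is currently exposing Samba on the network.

FIXED_VERSION="3.0.25"   # first release carrying the heap overflow fixes (per the article)

# "Version 3.0.25a" -> "3.0.25": drop the "Version " prefix that smbd -V
# prints and any trailing letter suffix (3.0.25a is a bug-fix build of 3.0.25).
normalize_samba_version() {
    printf '%s\n' "$1" | sed -e 's/^[Vv]ersion[[:space:]]*//' -e 's/[a-z]*$//'
}

# Dotted component $2 (1-based) of version $1; missing components read as 0.
# Appending ".0.0" keeps cut from echoing the whole string when no dot exists.
version_part() {
    printf '%s.0.0\n' "$1" | cut -d. -f"$2"
}

# Exit status 0 when $1 is strictly older than FIXED_VERSION, 1 when it is
# the fixed release or newer, 2 when the string is not a numeric version.
# Components are compared numerically, so 3.0.9 correctly sorts before 3.0.25.
samba_is_vulnerable() {
    v=$(normalize_samba_version "$1")
    i=1
    while [ "$i" -le 3 ]; do
        have=$(version_part "$v" "$i")
        want=$(version_part "$FIXED_VERSION" "$i")
        case "$have" in *[!0-9]* | '') return 2 ;; esac
        if [ "$have" -lt "$want" ]; then return 0; fi
        if [ "$have" -gt "$want" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1   # equal to the fixed version
}

# Informational report: is smbd running, and what does the installed smbd say?
report_samba_status() {
    if ps -axo comm 2>/dev/null | grep -q 'smbd$'; then
        echo "smbd is running: Windows Sharing is active"
    else
        echo "no smbd process found: Windows Sharing appears to be off"
    fi
    if command -v smbd >/dev/null 2>&1; then
        installed=$(smbd -V 2>/dev/null)
        if samba_is_vulnerable "$installed"; then
            echo "installed Samba ($installed) predates $FIXED_VERSION: update or disable Windows Sharing"
        else
            echo "installed Samba ($installed) is at or past $FIXED_VERSION, or could not be parsed"
        fi
    else
        echo "smbd not found on PATH"
    fi
}

# Run the report only when invoked as: sh samba_check.sh check
case "${1:-}" in check) report_samba_status ;; esac
```

Run it as `sh samba_check.sh check`; the version comparison is kept in its own function so it can be reused against the output of any other Samba build string, and a non-numeric string yields status 2 rather than a false "not vulnerable".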