05/29/2007, 8:05pm, EDT
Tuesday, May 29th
Samba security flaw affects Mac OS X
Samba 3.025 was released to fix the multiple heap buffer overflow flaws on May 14th, followed by a bug-fix patch last week on May 24th (Samba 3.0.25a).
Apple last week released a security update that addressed 17 exploits and today released an update to QuickTime to address a few more; however, the company has not warned users of the possible exploit or provided any updates.
"The DeepSight Threat Analyst Team successfully exploited the heap corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the default Samba 3.0.10 application," Symantec wrote in an alert to customers of its threat network. "Exploitation differs from what has been demonstrated in public exploits, however it is likely that other researchers would be capable of quickly overcoming the technical quirks associated with the platform."
Symantec emphasized that while the software is not enabled by default, Apple has not released a Samba update since 2005--warning that users must upgrade to the latest, and secure version.
"Mac OS X users are advised to download and install the latest version of Samba 3.0.25 from the official website," the company told customers. "If this is not possible, the Windows Sharing service should be disabled until Apple issues an official update via the Software Update service."
Filed under: troubleshooting
, 
, 8
, 
, 
, 
, 
, 
Top
subscribe to comments
for this article
no thanx.
The news that doing so on the OS X *may* be risky highlights the relative security of OS X over Windows.
Just my $0.02.
Beeners
Um, first off, there's nothing about this that talks about internet access.
Second, one of the problems people always says about windows is that users aren't well-informed about security. There's nothing about Mac users that make them intrinsically more security-knowledgable.
Third, turning on the firewall doesn't help. If you turn on your firewall to prevent access, well, guess what, you can't access the services you just turned on. So the firewall has to have the port open, which is how you access the flaw in the first place.
BTW, suhail, there's a small problem with your comment. All anti-virus software doesn't have those issues you mentioned. Now, symantec Anti-virus (which is what i think you're talking about), that's a different story. I can't believe people install that software (and people I know who use it on Windows can't wait to find something else to replace it and its incessant pop-ups, warnings, etc).
First, though not explicitly stated, I think that the internet is a key factor in exploiting this. If your internal network is compromised such that the threat is coming from inside, then you may have larger problems.
Second, I agree completely. In fact, one could argue that since Macs have historically had fewer attack vectors, the users are more complacent and less security knowledgeable.
Third, I apologize for my ambiguous wording in relation to firewalls. I was thinking of an external hardware based firewall, such as in a router, rather than the software firewall built into the OS. The scenario I envisioned was allowing local file and print sharing (inside the firewall), but blocking the big bad internet.
You are absolutely correct that if you want to access windows file and print sharing services from the internet, blocking access via any firewall defeats the purpose.
Beeners
Yet we're supposed to feel inferior to the oh so intelligent PeeCee users, who use a platform filled with currently exploited vulnerabilities. Now tell me again, just who is it that's lax?