Samba Patches Buffer Overflows
The open-source implementation of Microsoft's SMB/CIFS protocol gets a security update.
The flaws, which have been rated by research firm Secunia as "moderately critical," affect Samba versions 2.x and Samba 3.x. Both issues have been fixed in Samba 3.0.5, which can be downloaded here.
In an online advisory, the project said the first vulnerability was caused due to a boundary error when decoding base64 data during HTTP basic authentication. This could be exploited to cause a buffer overflow (define).
The second flaw, which could also cause a buffer overflow, was discovered in the code used to handle "mangling method = hash".
Samba (define) is an open-source implementation of Microsoft's SMB/CIFS protocol for file and printer sharing. It is used to allow a non-Windows server to communicate with the same networking protocol as the Windows products. Originally developed for Unix, Samba can now run on Linux, FreeBSD and other Unix variants.
This article was first published on internetnews.com.