“The U.S. Department of Homeland Security on Wednesday announced the vulnerability, which could be exploited to take control of an affected computer, and urged users and administrators to apply a patch,” Wagstaff reports. “Rapid7 said it had found more than 100,000 computers running vulnerable versions of the software, Samba, free networking software developed for Linux and Unix computers. There are likely to be many more, it said in response to emailed questions.”
Wagstaff reports, “Most of the computers found are running older versions of the software and cannot be patched.”
MacDailyNews Note: The Samba Team has released security updates that address a vulnerability in all versions of Samba from 3.5.0 onward. A remote attacker could exploit this vulnerability to take control of an affected system.
US-CERT encourages users and administrators to review Samba’s Security Announcement and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.
All versions of Samba from 3.5.0 onwards are vulnerable.
A patch addressing this defect has been posted to http://www.samba.org/samba/security/.
Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.