An Anonymous Coward writes:
A 7-year-old critical remote code execution vulnerability has been discovered in Samba networking software that could allow a remote attacker to take control of an affected Linux and Unix machines.
[...] The newly discovered remote code execution vulnerability (CVE-2017-7494) affects all versions newer than Samba 3.5.0 that was released on March 1, 2010.
"All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it," Samba wrote in an advisory published Wednesday.
(Score: 2) by frojack on Saturday May 27 2017, @06:08PM (3 children)
nt pipe support = no
Done.
(Like most other breathless report of flaws, this too is over hyped - usually by the windows apologists).
No, you are mistaken. I've always had this sig.
(Score: 2) by kaszz on Saturday May 27 2017, @06:14PM (2 children)
But, but but then you can't distribute printer drivers! ;-)
Yeah, there seems to be a simple fix. The interesting is to observe the comparative response time from discovery to fix. Secure Microsoft Windows is an oxymoron. So I'll guess most persons will not blame themselves for not achieving that and as consequence not use it for anything important.
(Score: 2) by butthurt on Sunday May 28 2017, @03:53AM (1 child)
> Yeah, there seems to be a simple fix.
-- https://www.samba.org/samba/security/CVE-2017-7494.html [samba.org] (linked from summary)
(Score: 2) by kaszz on Sunday May 28 2017, @05:32AM
Then those distributions has to import the new source, compile and save. Takes time.