[GLLUG] Fun With Samba
Clay Dowling
clay at lazarusid.com
Tue Apr 10 16:37:22 EDT 2012
This just came up at work:

https://www.samba.org/samba/security/CVE-2012-1182

Basically, gigantic server p0wnage hole in samba. If you run samba, you
will be vulnerable.

Since I know a few of you have deployed samba at customer sites, and
because this will almost certainly be available to script kiddies within
a day or two, I thought you might want to at least take the recommended
mitigation options if you can't do an upgrade right away. Otherwise,
your customers' servers are likely to become botnet participants, which
tends to get your traffic dropped into a black hole.

Worth noting that the bug is in a perl module. Those of you using perl
for any production or development work might want to make sure that the
root cause of this bug isn't affecting other work that you're doing.

Clay