Samba (software)
==Security==

Some versions of Samba 3.6.3 and lower suffer from serious security issues which can allow anonymous users to gain [[superuser|root]] access to a system from an anonymous connection, through the exploitation of an error in Samba's [[remote procedure call]].<ref>[https://www.samba.org/samba/security/CVE-2012-1182 CVE-2012-1182] - A security announcement regarding a major issue with Samba 3.6.3 and lower.</ref>

On 12 April 2016, Badlock,<ref>{{cite web |title=Badlock |url=http://badlock.org/ |url-status=dead |archive-url=https://web.archive.org/web/20160412215511/http://badlock.org/ |archive-date=12 April 2016 |access-date=12 April 2016}}</ref> a crucial security bug in Windows and Samba, was disclosed. Badlock for Samba is referenced by {{CVE|2016-2118}} (SAMR and LSA man-in-the-middle attacks possible).<ref>{{cite news|url=http://www.listythings.com/microsoft-samba-patch-badlock-vulnerability/|title=Microsoft, Samba Patch "Badlock" Vulnerability|access-date=13 April 2016}}</ref>

On 24 May 2017, it was announced that a remote code execution vulnerability, named ''EternalRed'' or ''SambaCry'', had been found in Samba, affecting all versions since 3.5.0.<ref name="samba-release-4.6.4">{{cite web|url=https://www.samba.org/samba/history/samba-4.6.4.html|title=Samba 4.6.4 - Release Notes|date=24 May 2017|access-date=24 May 2017}}</ref> This vulnerability was assigned the identifier {{CVE|2017-7494}}.<ref name="samba-release-4.6.4" /><ref>{{cite news|url=https://securelist.com/sambacry-is-coming/78674/|title=SambaCry is coming|work=Securelist - Kaspersky Lab's cyberthreat research and reports|access-date=2018-03-19|language=en-us}}</ref>

On 14 September 2020, a proof-of-concept [[exploit (computer security)|exploit]] was published for the netlogon [[vulnerability (computing)|vulnerability]] called ''[[Zerologon]]'' ({{CVE|2020-1472}}), for which a [[security patch|patch]] had existed since August.<ref>{{cite news |last1=Cimpanu |first1=Catalin |title=Microsoft says it detected active attacks leveraging Zerologon vulnerability |url=https://www.zdnet.com/article/microsoft-says-it-detected-active-attacks-leveraging-zerologon-vulnerability/ |access-date=9 October 2020 |work=ZDNet |language=en}}</ref> Some federal agencies using the software have been ordered to install the patch.<ref>{{cite web |last1=Constantin |first1=Lucian |title=What is Zerologon? And why to patch this Windows Server flaw now |url=https://www.csoonline.com/article/3576193/what-is-zerologon-why-you-should-patch-this-critical-windows-server-flaw-now.html |website=CSO Online |access-date=9 October 2020 |language=en |date=23 September 2020}}</ref>