I'm back to writing this column this week. I was at the Red Hat Summit the week before this one, so I failed to find the time I needed to produce a proper column.
Samba
Last week a round of Samba flaws were fixed:
http://news.samba.org/releases/samba_3_0_25_release/
This update fixed three security flaws, all of which could allow a remote attacker to execute arbitrary code with the same permissions as the Samba server. Some of these flaws are especially dangerous because they allow an anonymous attacker on the network to compromise the Samba server. The anonymous part is what makes these flaws so scary. If an attacker has to be authenticated against the Samba server, you have a known number of attackers. If anyone attached to the network is able to attack Samba, there can be a near-infinite number of attackers, depending on the network setup.
The lesson one should take away from this is that proper network setup is important. Sane firewall rules can go a long way. If you only need one machine to talk to the Samba server, you should only allow that machine access, not the whole network. Spending some time thinking about your network needs can make a big difference when a security flaw is found.
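As an added example of the network restriction the column recommends (this is not code from the column or from the Samba project), the script below generates nftables rules that let only one client host reach the Samba ports, and goes one step further than the column by also emitting the matching smb.conf "hosts allow"/"hosts deny" lines so the daemon itself refuses everyone else. The addresses (RFC 5737 documentation range), the "samba_guard" table name and the use of nftables are assumptions.

```shell
#!/bin/sh
# Added example, not from the column: pin Samba's ports to a single client host.
# Assumptions (not in the column): the only client that needs Samba is
# 192.0.2.25 (a constructed, RFC 5737 documentation address) and the host
# filters with nftables.

SAMBA_CLIENT="${SAMBA_CLIENT:-192.0.2.25}"

# Emit an nftables ruleset that accepts SMB (139/tcp, 445/tcp) and NetBIOS
# name/datagram (137/udp, 138/udp) traffic from $1 only and drops those ports
# for every other source. Rules are evaluated in order, so the accepts must
# come before the drops. Other traffic is left to the host's existing policy.
samba_nft_rules() {
    cat <<EOF
table inet samba_guard {
    chain input {
        type filter hook input priority 0; policy accept;
        ip saddr $1 tcp dport { 139, 445 } accept
        ip saddr $1 udp dport { 137, 138 } accept
        tcp dport { 139, 445 } drop
        udp dport { 137, 138 } drop
    }
}
EOF
}

# Emit the matching smb.conf [global] lines so Samba also refuses other hosts
# (defence in depth: a firewall mistake alone should not expose the server).
samba_conf_lines() {
    printf '%s\n' "hosts allow = 127.0.0.1 $1" "hosts deny = ALL"
}

# Apply the ruleset only when explicitly asked and running as root;
# otherwise just print the rules and the smb.conf lines for review.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" = "0" ]; then
    samba_nft_rules "$SAMBA_CLIENT" | nft -f -
else
    samba_nft_rules "$SAMBA_CLIENT"
    samba_conf_lines "$SAMBA_CLIENT"
fi
```

Run it without arguments to review the generated rules; `--apply` as root loads them with `nft -f -`, and the smb.conf lines still have to be added to the [global] section by hand.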