OS X still open to Samba vulnerabilities
Following up some recent patches to Samba, the open-source file-sharing system compatible with Windows file sharing, Symantec found some disturbing results: at least one *NIX variant, Mac OS X, is still vulnerable.
The heap-corruption vulnerabilities affected Samba 3.0.25rc3 and earlier versions, and exploit code was quickly made available. Symantec says that the current, fully-patched version of Mac OS X 10.4.9 runs Samba 3.0.10, originally released in 2005. It does not run by default, but does run if the user activates Windows Sharing. Symantec calls exploitation of this version of Samba on OS X "fairly trivial."
At PC Mag.
[ Read more ]