Critical Samba flaw allows unauthorized remote code execution

Samba, the popular free software that allows file and print sharing between computers running Windows and those running Unix or Linux, has been found sporting a critical flaw that can be exploited by an attacker to run programs as an administrator.

“CVE-2015-0240 is a security flaw in the smbd file server daemon. It can be exploited by a malicious Samba client, by sending specially-crafted packets to the Samba server. No authentication is required to exploit this flaw. It can result in remotely controlled execution of arbitrary code as root,” the Red Hat Product Security team explained in a blog post that also offers more technical details about the flaw.

The flaw affects all versions of Samba from 3.5.0 to 4.2.0rc4. There is a workaround for Samba versions 4.0.0 and above, but the Samba Team has already pushed out new versions of the software that resolve the problem (4.1.17, 4.0.25, and 3.6.25).

Samba is included in most Linux distributions, and some of them have already issued a patch: Red Hat (including one for Fedora), Debian, Ubuntu, and others.

According to the advisory by the Samba Team, the flaw was discovered by Richard van Eeden of Microsoft Vulnerability Research, who also provided the fix.

Users are advised to implement the security updates as soon as possible.