14 DAY TRIAL // Samba, a component that seamlessly integrates Linux/Unix servers and desktops into Active Directory environments using the winbind daemon, is now at version 3.6.5.
Samba 3.6.5 is just a simple maintenance release, as it's only meant to fix a security issue. According to the developers, Samba versions 3.4.x to 3.6.4 were affected by a vulnerability that allows arbitrary users to modify privileges on a file server.
Security checks were incorrectly applied to the Local Security Authority (LSA) remote proceedure calls (RPC) CreateAccount, OpenAccount, AddAccountRights and RemoveAccountRights allowing any authenticated user to modify the privileges database.
This vulnerability was reported by Ivano Cristofolini and the fix was made by Jeremy Allison, which repaired the incorrect permission checks when granting/removing privileges.
All users have been advised to upgrade as soon as possible! Download Samba 3.6.5 right now from Softpedia.
Follow us on Google+