Samba security updates address flaws that could be used to execute DoS attacks

News by Robert Abel

The update comes two months after NamPoHyu, a ransomware strain that goes after vulnerable Samba servers, was discovered

Open-source software suite Samba has released security updates to address vulnerabilities in its version 4.9 and all versions from 4.10 onward, which, if exploited, could be used to prompt a denial-of-service (DoS) attack.

One vulnerability affecting the free software platform is a DoS bug in the DNS management server, which could allow an authenticated user to crash the Samba AD DC’s RPC server process via a NULL pointer de-reference.

The other vulnerability is a Samba AD DC LDAP server crash, which affects all versions of Samba since Samba 4.10.0 and could let a user with read access to the directory cause a NULL pointer de-reference using the paged search control. 

The update comes two months after NamPoHyu, a ransomware strain that goes after vulnerable Samba servers, was discovered. It was reported that NamPoHyu, an update of the MegaLocker variant, searched out accessible Samba servers, wrung out the passwords, and then remotely encrypted their files and created ransom notes.

The Cybersecurity and Infrastructure Security Agency (CISA) encouraged users and administrators to review Samba’s security announcements for the two vulnerabilities and to apply the necessary updates.

This article was originally published on SC Media US.
