
SearchEnterpriseLinux: Open-Source Security Shines in Samba Case

[ Thanks to Michael S. Mimoso for this link. ]

“Recently discovered security holes in Samba were serious
threats to companies using the popular freeware, which enables end
users to access and use files, printers and other commonly shared
resources on a company’s network or via the Internet.

“But they also demonstrated how the code-review process among
those in the open-source community can ferret out vulnerabilities
and how developers have adopted a new mindset, one in which secure
coding is often seen as paramount over features and
functionality.

“Security holes in open-source applications and systems have
been making news in the last 12 months, with highly publicized
flubs in Sendmail, Snort, Apache and PHP grabbing headlines. Samba
joined that group with separate security warnings on March 14 and
April 7. The first warned of a flaw in Samba’s main SMBD code which
could allow an external attacker to remotely and anonymously gain
root privileges on a server running a Samba server. SMBD is the
server daemon that provides file-sharing and printing services to
Windows clients. The second was a buffer overflow flaw that could
also enable an attacker to remotely hijack a Samba server.

“Both struck deeply at the heart of developer Jeremy Allison, who
wrote the original code in both instances…”


Complete Story
