Old May 29, 2007, 03:03 PM   #1
MacBytes
macrumors bot
 
Join Date: Jul 2003
Mac OS open to attack through unpatched Samba




Category: Mac OS X
Link: Mac OS open to attack through unpatched Samba
Description: none

Posted on MacBytes.com
Approved by Mudbug
Old May 29, 2007, 03:07 PM   #2
wyatt23
macrumors 6502a
 
Join Date: Mar 2006
Location: Forest Hills, NY
I'll go as far as saying this is a poor oversight of Apple to not have updated Samba.

That said... I'll never trust anything Symantec says until a legitimate company verifies their findings.
Old May 29, 2007, 03:43 PM   #3
montex
macrumors regular
 
Join Date: Jan 2002
Location: Seattle, WA
Did I read this correctly? Your Mac has to be connected to a Windows computer or server using the SMB protocol in order to be at risk for compromise? Wouldn't that make Windows Software the attack vector?

Keep it on AFP, baby.
__________________
Narffle the Garfunk!
Old May 29, 2007, 05:09 PM   #4
shamino
macrumors 68040
 
Join Date: Jan 2004
Location: Vienna, VA
Quote:
Originally Posted by montex View Post
Did I read this correctly? Your Mac has to be connected to a Windows computer or server using the SMB protocol in order to be at risk for compromise?
No. You simply have to have Windows File Sharing enabled to open the vulnerability.

That being said, it is unlikely that anyone would turn this on unless they are connected to a Windows/SMB network. Apple ships Mac OS with this turned off, and very few people would turn it on without an actual need to do so.

(FWIW, my Macs all have this disabled. I share files with my LAN via AFP, and the LAN is behind a router/firewall that blocks all inbound connections. I use FTP or USB keychains when I need to transfer files between the Macs and the PCs.)
__________________
In theory, theory is the same as practice. In practice, it isn't.
Old May 29, 2007, 08:16 PM   #5
Earendil
macrumors 68000
 
Join Date: Oct 2003
Location: Washington
It sounds as if the attack would have to come from an internal network as well?
Can you access a Windows file share from a remote location using internet protocols?
__________________
Current: MacMini 2ghz / iPod Touch 2g / iPhone 4g
Retired: Alum Powerbook 1.25ghz / 4gb iPod Mini

"ooo! They have the internet on computers now!" - Homer J. Simpson
Old May 29, 2007, 08:18 PM   #6
wnurse
macrumors regular
 
Join Date: Jan 2004
Quote:
Originally Posted by shamino View Post
No. You simply have to have Windows File Sharing enabled to open the vulnerability.

That being said, it is unlikely that anyone would turn this on unless they are connected to a Windows/SMB network. Apple ships Mac OS with this turned off, and very few people would turn it on without an actual need to do so.

(FWIW, my Macs all have this disabled. I share files with my LAN via AFP, and the LAN is behind a router/firewall that blocks all inbound connections. I use FTP or USB keychains when I need to transfer files between the Macs and the PCs.)
The security warning is obviously not meant for the usual consumer but for enterprises that have Macs connected in a heterogeneous network. As to the number of Macs, I think you can hardly speculate. The number of Macs in larger enterprises could easily exceed or compete with the total number of consumer Macs. Schools, for example, most likely have Macs connected to a Windows network (for obvious reasons).
Old May 29, 2007, 08:25 PM   #7
mkrishnan
Moderator emeritus
 
Join Date: Jan 2004
Location: Grand Rapids, MI, USA
Quote:
Originally Posted by wnurse View Post
Schools, for example, most likely have Macs connected to a Windows network (for obvious reasons).
This is true, although, to be fair, in the typical enterprise or school setting, printers are on servers and not being shared from computers, and usually only the servers host share volumes. I haven't been in a lot of enterprise settings on Windows or otherwise where client workstations are sharing out resources. From what I understand, the exploit affects you if you *serve* Samba, but not if you access a Samba share being hosted by someone else....

That being said, Apple should address this ASAP.
__________________
Mohan
Old May 29, 2007, 10:41 PM   #8
Soba
macrumors member
 
Join Date: May 2003
Location: Rochester, NY
Samba 3.0.10 was released in early December of 2004. The current stable release is 3.0.25a.

As Samba is a major system component and updates have far-reaching consequences, Apple obviously needs to be careful about choosing which versions of open source software updates to roll out with their OS X updates. But having said that, the version they're using is incredibly old. What exactly are they waiting for? This seems sloppy on Apple's part.

While Windows file sharing is not on by default, it is a widely used component of OS X and is likely in use on a lot of heterogeneous home networks and more than a few business and academic networks - especially on college campuses in dormitories.

They need to get this updated ASAP, and keep on top of things better in the future.
Old May 29, 2007, 11:10 PM   #9
shamino
macrumors 68040
 
Join Date: Jan 2004
Location: Vienna, VA
Quote:
Originally Posted by Earendil View Post
Can you access a windows file share from a remote location using internet protocols?
Yes, if your LAN's router isn't firewalling the SMB ports.

Due to the potential security risk, I would recommend against ever opening these ports to the internet, but if you do, anyone can access your shares.
__________________
In theory, theory is the same as practice. In practice, it isn't.
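Added example, not part of any post in this thread: a local check for the point made in posts #4 and #9, that the exposure exists once Windows File Sharing is listening and the SMB ports are not firewalled. It parses BSD/macOS-style `netstat -an` output; the port numbers (TCP 139 and 445 for SMB, 548 for AFP), the function names and the sample lines are assumptions or constructed here, not taken from the thread.

```shell
#!/bin/sh
# Added example. Live use on the Mac itself: netstat -an | smb_listeners

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.445                  *.*                    LISTEN
tcp4       0      0  *.139                  *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  192.168.1.10.52311     192.168.1.20.445       ESTABLISHED
udp4       0      0  *.137                  *.*
'

smb_listeners() {
    # Reads netstat text on stdin; prints "<port> <scope> <local-address>"
    # for every TCP socket in LISTEN state on port 139 or 445.
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ".")      # BSD netstat writes host.port
            port = parts[n]
            if (port != "139" && port != "445") { next }
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "127.0.0.1" || host == "::1") {
                scope = "loopback"
            } else if (host == "*") {
                scope = "all-interfaces"
            } else {
                scope = "specific-address"
            }
            print port, scope, addr
        }
    '
}

smb_exposed() {
    # Exit status 0 when at least one SMB listener is bound beyond loopback,
    # i.e. reachable from the LAN (and from the internet if the router forwards it).
    smb_listeners | grep -qv ' loopback '
}

printf '%s' "$SAMPLE" | smb_listeners
printf '%s' "$SAMPLE" | smb_exposed && echo "SMB is listening beyond loopback"
```

The AFP listener on 548 and the outbound connection to another host's port 445 are ignored, which matches the distinction drawn in the thread between serving a share and connecting to one.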
Old May 30, 2007, 04:51 AM   #10
PCMacUser
macrumors 68000
 
Join Date: Jan 2005
Quote:
Originally Posted by wyatt23 View Post
That said... I'll never trust anything Symantec says until a legitimate company verifies their findings.
Hi sorry, just wondering if you could explain that statement. I'm an IT professional and I can confidently say that Symantec is one of the most trusted companies when it comes to security. But I'm interested to hear what your experience has been with Symantec's products in your organisation, etc.
__________________
13" MacBook Pro 2.53GHz, 4Gb RAM, 250Gb HDD ; MacBook 2.26GHz, 2Gb RAM, 250Gb HDD ; iPhone 3GS ; 80Gb iPod Classic ; 1Gb Shuffle ; AirPort Express
Old May 30, 2007, 08:42 AM   #11
shamino
macrumors 68040
 
Join Date: Jan 2004
Location: Vienna, VA
Quote:
Originally Posted by PCMacUser View Post
Hi sorry, just wondering if you could explain that statement. I'm an IT professional and I can confidently say that Symantec is one of the most trusted companies when it comes to security. But I'm interested to hear what your experience has been with Symantec's products in your organisation, etc.
I don't know what Wyatt was thinking, but I share his opinion.

Go look at Symantec's history with respect to Mac OS. They are one of the loudest voices in the "you Mac people are idiots, your systems will all be pwned because you aren't running our products" camp.

Their behavior over the last 4-5 years shows me that they are far more interested in scaring newbies into buying unnecessary software than they are in actually securing anything.

The fact that their software destabilizes Mac OS doesn't help either.
__________________
In theory, theory is the same as practice. In practice, it isn't.
Old May 30, 2007, 07:25 PM   #12
wnurse
macrumors regular
 
Join Date: Jan 2004
Quote:
Originally Posted by shamino View Post
I don't know what Wyatt was thinking, but I share his opinion.

Go look at Symantec's history with respect to Mac OS. They are one of the loudest voices in the "you Mac people are idiots, your systems will all be pwned because you aren't running our products" camp.

Their behavior over the last 4-5 years shows me that they are far more interested in scaring newbies into buying unnecessary software than they are in actually securing anything.

The fact that their software destabilizes Mac OS doesn't help either.
I use Symantec's product on my Mac and it does not destabilize my Mac.
Granted, Symantec may make statements that infuriate the Mac faithful, but how is that related to whether their software is any good?
Old May 31, 2007, 01:41 PM   #13
impierced
macrumors 6502
 
Join Date: Sep 2002
Quote:
Originally Posted by wnurse View Post
I use Symantec's product on my Mac and it does not destabilize my Mac.
Granted, Symantec may make statements that infuriate the Mac faithful, but how is that related to whether their software is any good?
The argument that "it does not destabilize MY Mac" doesn't mean that problems haven't existed or that none continue to...

I've been using Symantec products on Macs since they first offered their products, and have seen problems that have resulted in days of debugging and downtime. Not to mention buggy releases and incompatibility problems that take forever to resolve when new hardware is released.

While I probably have a dozen or so examples, for the sake of time I'll provide two:

#1 (old version): We scanned our applications file server using NAV with r/w access. Then we would add a few new applications. Any new application that we added to the file server that had not been scanned would instantly and completely lock up the workstation. Turns out that because the newly added application wasn't in the NAV scanned database on the file server, NAV would cause a system halt. That one took a while to figure out, as we started with randomly locking up computers.

#2 (last version tested): Using portable home directories, NAV enjoys locking up my client computer at random times unless you add the invisible mount share to a SafeZone.

Course, given the pervasive nature of the software, I suppose one should expect some problems to exist...
Old May 31, 2007, 01:46 PM   #14
yellow
Moderator
 
Join Date: Oct 2003
Location: Portland, OR
Quote:
Originally Posted by Soba View Post
As Samba is a major system component and updates have far-reaching consequences, Apple obviously needs to be careful about choosing which versions of open source software updates to roll out with their OS X updates. But having said that, the version they're using is incredibly old. What exactly are they waiting for? This seems sloppy on Apple's part.
I feel the same way about Apache.