Mac OS open to attack through unpatched Samba

Discussion in 'News Discussion' started by MacBytes, May 29, 2007.

  1. MacBytes macrumors bot

    Jul 5, 2003
  2. wyatt23 macrumors 6502a


    Mar 7, 2006
    Forest Hills, NY
    I'll go as far as saying, this is a poor oversight of Apple to not have updated Samba.

    That said... I'll never trust anything Symantec says until a legitimate company verifies their findings.
  3. montex macrumors regular


    Jan 17, 2002
    Seattle, WA
    Did I read this correctly? Your Mac has to be connected to a Windows computer or server using the SMB protocol in order to be at risk for compromise? Wouldn't that make Windows Software the attack vector?

    Keep it on AFP, baby.
  4. shamino macrumors 68040


    Jan 7, 2004
    Purcellville, VA
    No. You simply have to have Windows File Sharing enabled to open the vulnerability.

    That being said, it is unlikely that anyone would turn this on unless they are connected to a Windows/SMB network. Apple ships Mac OS with this turned off, and very few people would turn it on without an actual need to do so.

    (FWIW, my Macs all have this disabled. I share files with my LAN via AFP, and the LAN is behind a router/firewall that blocks all inbound connections. I use FTP or USB keychains when I need to transfer files between the Macs and the PCs.)
  5. Earendil macrumors 68000


    Oct 27, 2003
    It sounds as if the attack would have to come from an internal network as well?
    Can you access a Windows file share from a remote location using internet protocols?
  6. wnurse macrumors regular

    Jan 6, 2004
    The security warning is obviously not meant for the usual consumer but for enterprises that have Macs connected in a heterogeneous network. As to the number of Macs, I think you can hardly speculate. The number of Macs in larger enterprises could easily exceed or compete with the total number of consumer Macs. Schools, for example, most likely have Macs connected to a Windows network (for obvious reasons).
  7. mkrishnan Moderator emeritus


    Jan 9, 2004
    Grand Rapids, MI, USA
    This is true, although, to be fair, in the typical enterprise or school setting, printers are on servers and not being shared from computers, and usually only the servers host share volumes. I haven't been in a lot of enterprise settings on Windows or otherwise where client workstations are sharing out resources. From what I understand, the exploit affects you if you *serve* Samba, but not if you access a Samba share being hosted by someone else....

    That being said, Apple should address this ASAP.
  8. Soba macrumors member


    May 28, 2003
    Pittsburgh, PA
    Samba 3.0.10 was released in early December of 2004. The current stable release is 3.0.25a.

    As Samba is a major system component and updates have far-reaching consequences, Apple obviously needs to be careful about choosing which versions of open source software updates to roll out with their OS X updates. But having said that, the version they're using is incredibly old. What exactly are they waiting for? This seems sloppy on Apple's part.

    While Windows file sharing is not on by default, it is a widely used component of OS X and is likely in use on a lot of heterogeneous home networks and more than a few business and academic networks - especially on college campuses in dormitories.

    They need to get this updated ASAP, and keep on top of things better in the future.
  9. shamino macrumors 68040


    Jan 7, 2004
    Purcellville, VA
    Yes, if your LAN's router isn't firewalling the SMB ports.

    Due to the potential security risk, I would recommend against ever opening these ports to the internet, but if you do, anyone can access your shares.
  10. PCMacUser macrumors 68000


    Jan 13, 2005
    Hi sorry, just wondering if you could explain that statement. I'm an IT professional and I can confidently say that Symantec is one of the most trusted companies when it comes to security. But I'm interested to hear what your experience has been with Symantec's products in your organisation, etc.
  11. shamino macrumors 68040


    Jan 7, 2004
    Purcellville, VA
    I don't know what Wyatt was thinking, but I share his opinion.

    Go look at Symantec's history with respect to Mac OS. They are one of the loudest voices in the "you Mac people are idiots, your systems will all be pwned because you aren't running our products" camp.

    Their behavior over the last 4-5 years shows me that they are far more interested in scaring newbies into buying unnecessary software than they are in actually securing anything.

    The fact that their software destabilizes Mac OS doesn't help either.
  12. wnurse macrumors regular

    Jan 6, 2004
    I use Symantec's product on my Mac and it does not destabilize my Mac.
    Granted, Symantec may make statements that infuriate the Mac faithful, but how is that related to whether their software is any good?
  13. impierced macrumors 6502


    Sep 30, 2002
    The argument that "it does not destabilize MY Mac" doesn't mean that problems haven't existed or that none continue to... ;)

    I've been using Symantec products on Macs since they first offered their products, and have seen problems that have resulted in days of debugging and downtime. Not to mention buggy releases and incompatibility problems that take forever to resolve when new hardware is released.

    While I probably have a dozen or so examples, for the sake of time I'll provide two:

    #1 (old version): We scanned our applications file server using NAV with r/w access. Then we would add a few new applications. Any new application that we added to the file server that had not been scanned would instantly and completely lock up the workstation. Turns out that because the newly added application wasn't in the NAV scanned database on the file server, NAV would cause a system halt. That one took a while to figure out, as we started with randomly locking up computers.

    #2 (last version tested): Using portable home directories, NAV enjoys locking up my client computer at random times unless you add the invisible mount share to a SafeZone.

    Course, given the pervasive nature of the software, I suppose one should expect some problems to exist... :eek: :eek: :eek:
  14. yellow Moderator emeritus


    Oct 21, 2003
    Portland, OR
    I feel the same way about Apache.
