Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.Samba Remote Code Execution Vulnerability
Last Revised
Linux and Unix based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon (smbd). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
US-CERT recommends users and administrators refer to their respective Linux OS vendor(s) for an appropriate patch if affected. Patches are currently available from Debian, Red Hat, Suse, and Ubuntu. A Samba patch is available for experienced users and administrators to implement.
This product is provided subject to this Notification and this Privacy & Use policy.