
10 April 2012


I'm still unclear as to whether Apple Macs are vulnerable or not. Snow Leopard uses Version 3.0.28a-apple and Leopard Version 3.0.25a-apple. These number sequences are within the vulnerable range, as far as I can tell. Therefore I assume that any 10.5 or 10.6 Mac with File Sharing enabled and SMB sharing ticked is vulnerable. Can anyone confirm?

Incorrect. Apple ship Samba server 3.0.x, they refused to ship 3.2.0 onwards for religious (i.e. anti-GPLv3) reasons. You are correct in that MacOSX has its own internal SMB/CIFS client, not Samba.

We have provided patches to Apple for this problem.

Jeremy Allison,
Samba Team.

Apple doesn't include Samba at all anymore and they never moved beyond version 2 when they were including it for SMB hosting.

It's never been used for client connections on the Mac.
