Opened 4 years ago

Closed 4 years ago

#9275 closed enhancement (fixed)

samba-4.6.4

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: highest
Milestone: 8.1
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

*CRITICAL PATCH RELEASE --- PUT IN ASAP *

https://www.samba.org/samba/security/CVE-2017-7494.html

====================================================================
== Subject:     Remote code execution from a writable share.
==
== CVE ID#:     CVE-2017-7494
==
== Versions:    All versions of Samba from 3.5.0 onwards.
==
== Summary:     Malicious clients can upload and cause the smbd server
==              to execute a shared library from a writable share.
==
====================================================================

===========
Description
===========

All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

==========
Workaround
==========

Add the parameter:

nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This
prevents clients from accessing any named pipe endpoints. Note this
can disable some expected functionality for Windows clients.

=======
Credits
=======

This problem was found by steelo <knownsteelo@gmail.com>. Volker
Lendecke of SerNet and the Samba Team provided the fix.

                   =============================
                   Release Notes for Samba 4.6.4
                            May 24, 2017
                   =============================


This is a security release in order to address the following defect:

o  CVE-2017-7494 (Remote code execution from a writable share)

=======
Details
=======

o  CVE-2017-7494:
   All versions of Samba from 3.5.0 onwards are vulnerable to a remote
   code execution vulnerability, allowing a malicious client to upload a
   shared library to a writable share, and then cause the server to load
   and execute it.


Changes since 4.6.3:
---------------------

o  Volker Lendecke <vl@samba.org>
   * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
     share.

Change History (3)

comment:1 by Douglas R. Reno, 4 years ago

DJ, if you don't get to it by the time I get to it, I'll do this package. I'm probably much closer than you are.

comment:2 by Douglas R. Reno, 4 years ago

Owner: changed from blfs-book@… to Douglas R. Reno
Status: new → assigned

Really should be in within the next 24 hours. Anyone who has Samba installed needs to update to this version. I'll note that in the Changelog.

comment:3 by Douglas R. Reno, 4 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r18767
