|Reported by:||Douglas R. Reno||Owned by:||Douglas R. Reno|
*CRITICAL PATCH RELEASE --- PUT IN ASAP *
==================================================================== == Subject: Remote code execution from a writable share. == == CVE ID#: CVE-2017-7494 == == Versions: All versions of Samba from 3.5.0 onwards. == == Summary: Malicious clients can upload and cause the smbd server == to execute a shared library from a writable share. == ==================================================================== =========== Description =========== All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. ================== Patch Availability ================== A patch addressing this defect has been posted to http://www.samba.org/samba/security/ Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible. ========== Workaround ========== Add the parameter: nt pipe support = no to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing any named pipe endpoints. Note this can disable some expected functionality for Windows clients. ======= Credits ======= This problem was found by steelo <email@example.com>. Volker Lendecke of SerNet and the Samba Team provided the fix.
============================= Release Notes for Samba 4.6.4 May 24, 2017 ============================= This is a security release in order to address the following defect: o CVE-2017-7494 (Remote code execution from a writable share) ======= Details ======= o CVE-2017-7494: All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Changes since 4.6.3: --------------------- o Volker Lendecke <firstname.lastname@example.org> * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable share.
Change History (3)
Note: See TracTickets for help on using tickets.