[Announce] Samba 4.6.4, 4.5.10 and 4.4.14 Available for Download

Jeremy Allison jra at samba.org
Wed May 24 15:50:11 UTC 2017


On Wed, May 24, 2017 at 09:21:14AM +0200, Karolin Seeger via samba-technical wrote:
> Release Announcements
> ---------------------
> 
> These are security releases in order to address the following defect:
> 
> o  CVE-2017-7494 (Remote code execution from a writable share)
> 
> =======
> Details
> =======
> 
> o  CVE-2017-7494:
>    All versions of Samba from 3.5.0 onwards are vulnerable to a remote
>    code execution vulnerability, allowing a malicious client to upload a
>    shared library to a writable share, and then cause the server to load
>    and execute it.
> 
> 
> Changes:
> --------
> 
> o  Volker Lendecke <vl at samba.org>
>    * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
>      share.
> 
> 
> #######################################
> Reporting bugs & Development Discussion
> #######################################
> 
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
> 
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track down
> the problem then you will probably be ignored.  All bug reports should
> be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
> database (https://bugzilla.samba.org/).
> 
> 
> ======================================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ======================================================================

Thanks Karolin! Here are some mitigation techniques from Red Hat in
case servers cannot be patched immediately:

-------------------------------------------------------------
https://bugzilla.redhat.com/show_bug.cgi?id=1450347#c3

Huzaifa S. Sidhpurwala 2017-05-15 04:02:57 EDT
Mitigation:

Any of the following:

1. SELinux is enabled by default and our default policy prevents loading of
modules from outside of samba's module directories and therefore blocks the exploit

2. Mount the filesystem which is used by samba for its writeable share,
using "noexec" option.

3. Add the parameter:

    nt pipe support = no

    to the [global] section of your smb.conf and restart smbd. This prevents
clients from accessing any named pipe endpoints. Note this can disable some
expected functionality for Windows clients.
-------------------------------------------------------------

Jeremy.
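
An added example, not part of the original post or the Red Hat comment: a small audit of mitigations 2 and 3 above, reporting whether `nt pipe support` is disabled in `[global]` and which writable shares sit on a filesystem mounted without `noexec`. The function names and sample data are constructed for illustration; the parsing is simplified (no `include` files, line continuations or `write list`), and SELinux status (mitigation 1) is not checked.

```python
TRUE = {"yes", "true", "1"}
INVERTED = {"writable", "writeable", "writeok"}  # inverted synonyms of "read only"

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner whitespace dropped."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and line[0] not in "#;" and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = "".join(key.lower().split())
            if key in INVERTED:  # store under "readonly" with the sense flipped
                key, value = "readonly", "no" if value.lower() in TRUE else "yes"
            current[key] = value
    return sections

def mount_options(path, mounts_text):
    """Options of the deepest mount point containing path (/proc/mounts format)."""
    best, opts = "", set()
    for fields in map(str.split, mounts_text.splitlines()):
        if len(fields) < 4:
            continue
        mnt = fields[1]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) >= len(best):  # later entry wins on a tie
            best, opts = mnt, set(fields[3].split(","))
    return opts

def audit(conf_text, mounts_text):
    """Return (pipes_disabled, [(share, path) writable and not on a noexec mount])."""
    conf = parse_smb_conf(conf_text)
    glob = conf.get("global", {})
    pipes_disabled = glob.get("ntpipesupport", "yes").lower() not in TRUE
    exposed = []
    for name, share in conf.items():
        readonly = share.get("readonly", glob.get("readonly", "yes")).lower() in TRUE
        path = share.get("path")
        if name != "global" and path and not readonly:
            if "noexec" not in mount_options(path, mounts_text):
                exposed.append((name, path))
    return pipes_disabled, exposed

# Constructed sample inputs (not from any real host).
SAMPLE_CONF = "[global]\n workgroup = EXAMPLE\n[public]\n path = /srv/pub\n writable = yes\n" \
              "[drop]\n path = /scratch/in\n Read Only = No\n[docs]\n path = /srv/docs\n"
SAMPLE_MOUNTS = "/dev/sda1 / ext4 rw,relatime 0 0\n/dev/sdb1 /scratch ext4 rw,noexec 0 0\n"
if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_MOUNTS))
```

On a real server, feed it the contents of smb.conf and /proc/mounts; a result of `(False, [...])` with a non-empty list means neither mitigation 2 nor 3 covers the listed shares.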