[Samba] CVE-2017-7494 in SAMBA-AD 4.3.11-ubuntu

Anderson Hoffmann do Carmo anderson.hoffmann at gsurfnet.com
Thu May 25 17:13:43 UTC 2017


Hi Mike
Thank you for the information! :-)

Anderson Hoffmann



2017-05-25 13:59 GMT-03:00 Data Control Systems - Mike Elkevizth <
mike at datacontrolsystems.com>:

> According to the changelog from Ubuntu
> (http://changelogs.ubuntu.com/changelogs/pool/main/s/samba/samba_4.3.11+dfsg-0ubuntu0.16.04.7/changelog)
> this fix has been backported into the Ubuntu 4.3.11 packages.
>
> samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) xenial-security; urgency=medium
>
>   * SECURITY UPDATE: remote code execution from a writable share
>     - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
>       slash inside in source3/rpc_server/srv_pipe.c.
>     - CVE-2017-7494
>
>  -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Fri, 19 May 2017 14:18:13 -0400
>
> Mike E.
>
>
> On Thu, May 25, 2017 at 12:54 PM, Anderson Hoffmann do Carmo via samba <
> samba at lists.samba.org> wrote:
>
>> Hi
>>
>> We have one SAMBA 4.3.11-ubuntu server in Active Directory mode with
>> some Windows clients.
>> The Ubuntu repository has not updated the samba package (the latest version is 4.3.11).
>>
>> Please, how can I fix CVE-2017-7494 (Remote code execution from a
>> writable share) on my SAMBA server?
>>
>> Will the option 'nt pipe support = no' influence how SAMBA_AD works?
>>
>>
>> Anderson Hoffmann
>>
>
>

