Описание
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root.
Отчет
This vulnerability exists in the samba server, client side packages are not affected.
Меры по смягчению последствий
Any of the following:
- SELinux is enabled by default and our default policy prevents loading of modules from outside of samba's module directories and therefore blocks the exploit
- Mount the filesystem which is used by samba for its writable share using "noexec" option.
- Add the parameter: nt pipe support = no to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing any named pipe endpoints. Note this can disable some expected functionality for Windows clients.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | samba | Not affected | ||
| Red Hat Enterprise Linux 5 Extended Lifecycle Support | samba3x | Fixed | RHSA-2017:1272 | 24.05.2017 |
| Red Hat Enterprise Linux 6 | samba | Fixed | RHSA-2017:1270 | 24.05.2017 |
| Red Hat Enterprise Linux 6 | samba4 | Fixed | RHSA-2017:1271 | 24.05.2017 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | samba | Fixed | RHSA-2017:1390 | 05.06.2017 |
| Red Hat Enterprise Linux 6.4 Advanced Update Support | samba | Fixed | RHSA-2017:1390 | 05.06.2017 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | samba | Fixed | RHSA-2017:1390 | 05.06.2017 |
| Red Hat Enterprise Linux 6.5 Telco Extended Update Support | samba | Fixed | RHSA-2017:1390 | 05.06.2017 |
| Red Hat Enterprise Linux 6.6 Advanced Update Support | samba | Fixed | RHSA-2017:1390 | 05.06.2017 |
| Red Hat Enterprise Linux 6.6 Telco Extended Update Support | samba | Fixed | RHSA-2017:1390 | 05.06.2017 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulne ...
7.5 High
CVSS3