[manjaro-security] [MSA-201705-1] samba: code execution vulnerability
Philip Müller
philm at manjaro.org
Fri May 26 00:42:34 CEST 2017
Manjaro Linux Security Advisory MSA-201705-1
=============================================
Severity: High
Date : 2017-05-26
CVE-ID : CVE-2017-7494
Package : samba
Type : code execution vulnerability
Remote : Yes
Link : https://www.samba.org/samba/security/CVE-2017-7494.html
Summary
=======
Malicious clients can upload and cause the smbd server to execute a
shared library from a writable share.
Resolution
==========
Upgrade to 4.5.10-0.
# pacman -Syu "samba>=4.5.10-0"
The problem has been fixed upstream in version 4.5.10.
Workaround
==========
If you cannot upgrade to the latest version of Samba immediately,
you can work around the vulnerability by adding the following line to
your Samba configuration file smb.conf:
nt pipe support = no
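
A check for the workaround above, added here as an example (it is not part of the advisory or of Samba): it parses smb.conf text, reports whether "nt pipe support = no" is in effect, and lists the writable shares the Summary refers to. The sample configuration is constructed, and reading the setting from the [global] section is an assumption taken from the upstream Samba advisory linked above.

```python
import re

TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
[global]
   NT Pipe Support = No
[public]
   path = /srv/public
   writeable = yes
[docs]
   read only = yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names are matched case- and space-insensitively."""
    sections, current = {"global": {}}, "global"  # assumption: leading params are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def _bool(value, default):
    v = value.lower()
    return True if v in TRUE else False if v in FALSE else default

def read_only(params, default=True):
    """Resolve 'read only' and its inverted synonyms for one section."""
    ro = default
    for key, value in params.items():
        if key == "readonly":
            ro = _bool(value, ro)
        elif key in ("writable", "writeable", "writeok"):
            ro = not _bool(value, not ro)
    return ro

def audit(text):
    conf = parse_smb_conf(text)
    glob = conf["global"]
    default_ro = read_only(glob)                  # shares inherit the global default
    shares = [n for n, p in conf.items() if n != "global" and not read_only(p, default_ro)]
    # 'nt pipe support' defaults to yes, so an absent line means no workaround.
    return {"workaround_applied": not _bool(glob.get("ntpipesupport", "yes"), True),
            "writable_shares": shares}
```

A host that reports the workaround as missing and still lists writable shares is the one to upgrade or reconfigure first.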
Description
===========
All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.
Impact
======
A local unprivileged attacker is able to overwrite arbitrary files on
the filesystem possibly leading to privilege escalation.
References
==========
https://www.samba.org/samba/security/CVE-2017-7494.html
https://www.samba.org/samba/history/security.html
https://kb.netgear.com/000038779/Security-Advisory-for-CVE-2017-7494-Samba-Remote-Code-Execution
http://thehackernews.com/2017/05/samba-rce-exploit.html
https://github.com/hdm/metasploit-framework/blob/0520d7cf76f8e5e654cb60f157772200c1b9e230/modules/exploits/linux/samba/is_known_pipename.rb