====================================================================
== Subject:     Remote code execution from a writable share.
==
== CVE ID#:     CVE-2017-7494
==
== Versions:    All versions of Samba from 3.5.0 onwards.
==
== Summary:     Malicious clients can upload and cause the smbd server
==              to execute a shared library from a writable share.
==
====================================================================

===========
Description
===========

All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

==========
Workaround
==========

Add the parameter:

nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This
prevents clients from accessing any named pipe endpoints. Note this
can disable some expected functionality for Windows clients.

=======
Credits
=======

This problem was found by steelo <knownsteelo@gmail.com>. Volker
Lendecke of SerNet and the Samba Team provided the fix.
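
The workaround above can be checked mechanically. The following is an added example, not code from the advisory, Samba or Gentoo: it parses an smb.conf, reports whether `nt pipe support` is disabled in [global], and lists shares that are effectively writable. The sample configuration and all function names are constructed for illustration.

```python
import re

TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}
INVERTED = {"writeable", "writable", "writeok"}  # inverted synonyms of "read only"

# Constructed sample smb.conf (not taken from any real host).
SAMPLE = """\
[global]
   workgroup = EXAMPLE
   NT Pipe Support = No
[public]
   path = /srv/public
   writeable = yes
[docs]
   path = /srv/docs
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. Samba ignores case and whitespace in
    parameter names, so 'NT Pipe Support' is stored as 'ntpipesupport'."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = (part.strip().lower() for part in line.split("=", 1))
            key = re.sub(r"\s+", "", key)
            if key in INVERTED and value in TRUE | FALSE:
                key, value = "readonly", "no" if value in TRUE else "yes"
            conf[section][key] = value
    return conf

def workaround_applied(conf):
    """True only if [global] explicitly sets nt pipe support to a false value."""
    return conf.get("global", {}).get("ntpipesupport") in FALSE

def writable_shares(conf):
    """Shares whose effective 'read only' is false (Samba's default is yes)."""
    glob = conf.get("global", {})
    return [name for name, params in conf.items() if name != "global"
            and {**glob, **params}.get("readonly", "yes") in FALSE]

if __name__ == "__main__":
    conf = parse_smb_conf(SAMPLE)
    print("workaround applied:", workaround_applied(conf))
    print("writable shares:", writable_shares(conf))
```

The parser does not follow `include` directives, line continuations or `write list` entries, so a share it reports as read-only can still be writable for listed users. A host with writable shares and no workaround still needs one of the fixed releases or the patch.
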
commit 495f960e6f59116bc5ed7359921dd5e64d3c8204
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Wed May 24 11:44:09 2017

    net-fs/samba: Security bump to versions 4.5.10 and 4.6.4 (bug #619516).

    Package-Manager: Portage-2.3.6, Repoman-2.3.2
*** Bug 619632 has been marked as a duplicate of this bug. ***
Arches please test and mark stable the following list of packages:

=net-fs/samba-4.5.10
=sys-libs/ldb-1.1.29-r1
=sys-libs/talloc-2.1.9
=sys-libs/tdb-1.3.13
=sys-libs/tevent-0.9.31-r1

Target KEYWORDS are:
alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
src_configure failure on ppc and ppc64

Checking for system resolv_wrapper >= 1.1.4 : not found
ERROR: System library resolv_wrapper of version 1.1.4 not found, and bundling disabled
src_configure failure on ppc and ppc64

Checking for system socket_wrapper >= 1.1.7 : not found
ERROR: System library socket_wrapper of version 1.1.7 not found, and bundling disabled
You'd like to add

DEPEND+="test? ( >=net-libs/socket_wrapper-1.1.7 >=net-dns/resolv_wrapper-1.1.4 )"
(In reply to Michael Weber from comment #6)
> You'd like to add
>
> DEPEND+="test? ( >=net-libs/socket_wrapper-1.1.7
> >=net-dns/resolv_wrapper-1.1.4 )"

sry, uncond. RDEPEND.
commit 03dddbf85b3437544b19947e16b05096f88c397d (HEAD -> master, origin/master, origin/HEAD)
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Fri May 26 13:38:33 2017

    net-fs/samba: Added missing test deps. Removed missing keywords.

    Package-Manager: Portage-2.3.6, Repoman-2.3.2
Arches please test and mark stable the following list of packages:

=net-dns/resolv_wrapper-1.1.5 (USE="test" only)
=net-fs/samba-4.5.10
=net-libs/socket_wrapper-1.1.7 (USE="test" only)
=sys-libs/ldb-1.1.29-r1
=sys-libs/nss_wrapper-1.1.3 (USE="test" only)
=sys-libs/talloc-2.1.9
=sys-libs/tdb-1.3.13
=sys-libs/tevent-0.9.31-r1
=sys-libs/uid_wrapper-1.2.1 (USE="test" only)

Target KEYWORDS are:
alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
amd64 stable
x86 stable
ppc64 stable
Stable on alpha.
sparc stable
ia64 stable
ppc stable
Arches, please finish stabilizing hppa

Gentoo Security Padawan
ChrisADR
An automated check of this bug failed - the following atom is unknown:

net-fs/samba-4.5.10

Please verify the atom list.
An automated check of this bug failed - the following atom is unknown:

net-fs/samba-4.5.10-r1

Please verify the atom list.
https://bugs.gentoo.org/639024#c19
This issue was resolved and addressed in GLSA 201805-07 at https://security.gentoo.org/glsa/201805-07 by GLSA coordinator Aaron Bauman (b-man).