Samba is a software that implements the SMB protocol on Linux and UNIX systems. Version 4.6.4 of Samba released on May 24, 2017 fixes a critical remote code execution vulnerability. The vulnerability number is CVE-2017-7494 and affects Samba versions after 3.5.0 and 4.6.4/4.5.10/4.4.14.
Vulnerability ID:
CVE-2017-7494
Vulnerability description:
This vulnerability only requires a writable Samba user authority to escalate to the root authority of the server where Samba is located (Samba is executed with root user authority by default). At present, the attack code has been circulated, and some researchers have successfully used the attack code to verify the vulnerability:
Attack process:
Construct a pipe name or path name with a "/" symbol, such as "/home/toor/test.so"
through the SMB protocol to actively let the server SMB return the FID
and then directly request the FID to enter the above-mentioned Malicious process
Vulnerability exploitation conditions and methods:
direct remote exploitation.
Vulnerability Detection:
Detects whether Samba is in use within the affected version range.
Reinforcement suggestion:
- Samba users who use source code installation, please download the latest Samba version as soon as possible to update manually;
- Users who use binary distribution packages (RPM, etc.) immediately perform security update operations such as yum, apt-get update, etc.
Mitigation strategy: Users can mitigate this vulnerability by adding the "nt pipe support = no" option under the [global] node of smb.conf, and then restarting the Samba service.
Provide the latest Linux technology tutorial books for free, and strive to do more and better for open source technology enthusiasts: http://www.linuxprobe.com/