Anderson Hoffmann do Carmo
2017-May-25 16:54 UTC
[Samba] CVE-2017-7494 in SAMBA-AD 4.3.11-ubuntu
Hi

We have one server running SAMBA 4.3.11-ubuntu in Active Directory mode with some Windows clients.
The Ubuntu repository does not update the samba package (the last version is 4.3.11).

Please, how can I fix CVE-2017-7494 (remote code execution from a writable share) on my SAMBA server?

Will the option 'nt pipe support = no' influence how SAMBA_AD works?

Anderson Hoffmann
Data Control Systems - Mike Elkevizth
2017-May-25 16:59 UTC
[Samba] CVE-2017-7494 in SAMBA-AD 4.3.11-ubuntu
According to the changelog from Ubuntu (http://changelogs.ubuntu.com/changelogs/pool/main/s/samba/samba_4.3.11+dfsg-0ubuntu0.16.04.7/changelog), this fix has been backported into the Ubuntu 4.3.11 packages.

samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) xenial-security; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Fri, 19 May 2017 14:18:13 -0400

Mike E.
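Added example, not part of the original thread: the upstream version stays at 4.3.11 while the fix arrives in the Ubuntu revision suffix, so the check that matters is a Debian-style comparison of the full package version against the fixed version named in the changelog above. The sketch below reimplements dpkg's ordering rules in Python; the function names are illustrative, and only the `FIXED` value comes from the thread.

```python
import re

# Fixed package version, taken from the Ubuntu changelog quoted in the thread.
FIXED = "2:4.3.11+dfsg-0ubuntu0.16.04.7"

def _order(c):
    """dpkg character weight: '~' sorts before everything, letters before symbols."""
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    while a or b:
        na, a = re.match(r"(\D*)(.*)", a).groups()   # leading non-digit run
        nb, b = re.match(r"(\D*)(.*)", b).groups()
        for k in range(max(len(na), len(nb))):
            diff = _order(na[k:k + 1]) - _order(nb[k:k + 1])
            if diff:
                return diff
        da, a = re.match(r"(\d*)(.*)", a).groups()   # leading digit run
        db, b = re.match(r"(\d*)(.*)", b).groups()
        if int(da or 0) != int(db or 0):             # numeric, not string, compare
            return int(da or 0) - int(db or 0)
    return 0

def compare(v1, v2):
    """Return <0, 0 or >0 as v1 is older than, equal to or newer than v2."""
    parts = []
    for v in (v1, v2):
        epoch, colon, rest = v.partition(":")
        if not colon:                                # no epoch means epoch 0
            epoch, rest = "0", v
        upstream, dash, revision = rest.rpartition("-")
        if not dash:                                 # no revision present
            upstream, revision = rest, ""
        parts.append((int(epoch), upstream, revision))
    (e1, u1, r1), (e2, u2, r2) = parts
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def has_fix(installed):
    """True if the installed samba package version is at or past the fix."""
    return compare(installed, FIXED) >= 0
```

On the server itself, `dpkg-query -W -f='${Version}' samba` prints the installed version string to pass to `has_fix`.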
Anderson Hoffmann do Carmo
2017-May-25 17:13 UTC
[Samba] CVE-2017-7494 in SAMBA-AD 4.3.11-ubuntu
Hi Mike

Thank you for the information! :-)

Anderson Hoffmann