Karolin Seeger
2017-May-24 07:21 UTC
[Samba] [Announce] Samba 4.6.4, 4.5.10 and 4.4.14 Available for Download
Release Announcements --------------------- These are a security releases in order to address the following defect: o CVE-2017-7494 (Remote code execution from a writable share) ======Details ====== o CVE-2017-7494: All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Changes: -------- o Volker Lendecke <vl at samba.org> * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable share. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ======================================================================= Our Code, Our Bugs, Our Responsibility. == The Samba Team ===================================================================== ===============Download Details =============== The uncompressed tarballs and patch files have been signed using GnuPG (ID 6F33915B6568B7EA). The source code can be downloaded from: https://download.samba.org/pub/samba/stable/ The release notes are available online at: https://www.samba.org/samba/history/samba-4.6.4.html https://www.samba.org/samba/history/samba-4.5.10.html https://www.samba.org/samba/history/samba-4.4.14.html Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: Digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20170524/e40ea771/signature.sig>
Sonic
2017-May-24 11:28 UTC
[Samba] [Announce] Samba 4.6.4, 4.5.10 and 4.4.14 Available for Download
Patch seems to be missing from v4-6-test. On Wed, May 24, 2017 at 3:21 AM, Karolin Seeger via samba-technical <samba-technical at lists.samba.org> wrote:> Release Announcements > --------------------- > > These are a security releases in order to address the following defect: > > o CVE-2017-7494 (Remote code execution from a writable share) > > ======> Details > ======> > o CVE-2017-7494: > All versions of Samba from 3.5.0 onwards are vulnerable to a remote > code execution vulnerability, allowing a malicious client to upload a > shared library to a writable share, and then cause the server to load > and execute it. > > > Changes: > -------- > > o Volker Lendecke <vl at samba.org> > * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable > share. > > > ####################################### > Reporting bugs & Development Discussion > ####################################### > > Please discuss this release on the samba-technical mailing list or by > joining the #samba-technical IRC channel on irc.freenode.net. > > If you do report problems then please try to send high quality > feedback. If you don't provide vital information to help us track down > the problem then you will probably be ignored. All bug reports should > be filed under the "Samba 4.1 and newer" product in the project's Bugzilla > database (https://bugzilla.samba.org/). > > > =====================================================================> == Our Code, Our Bugs, Our Responsibility. > == The Samba Team > =====================================================================> > > > ===============> Download Details > ===============> > The uncompressed tarballs and patch files have been signed > using GnuPG (ID 6F33915B6568B7EA). The source code can be downloaded > from: > > https://download.samba.org/pub/samba/stable/ > > The release notes are available online at: > > https://www.samba.org/samba/history/samba-4.6.4.html > https://www.samba.org/samba/history/samba-4.5.10.html > https://www.samba.org/samba/history/samba-4.4.14.html > > Our Code, Our Bugs, Our Responsibility. > (https://bugzilla.samba.org/) > > --Enjoy > The Samba Team
Jeremy Allison
2017-May-24 15:50 UTC
[Samba] [Announce] Samba 4.6.4, 4.5.10 and 4.4.14 Available for Download
On Wed, May 24, 2017 at 09:21:14AM +0200, Karolin Seeger via samba-technical wrote:> Release Announcements > --------------------- > > These are a security releases in order to address the following defect: > > o CVE-2017-7494 (Remote code execution from a writable share) > > ======> Details > ======> > o CVE-2017-7494: > All versions of Samba from 3.5.0 onwards are vulnerable to a remote > code execution vulnerability, allowing a malicious client to upload a > shared library to a writable share, and then cause the server to load > and execute it. > > > Changes: > -------- > > o Volker Lendecke <vl at samba.org> > * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable > share. > > > ####################################### > Reporting bugs & Development Discussion > ####################################### > > Please discuss this release on the samba-technical mailing list or by > joining the #samba-technical IRC channel on irc.freenode.net. > > If you do report problems then please try to send high quality > feedback. If you don't provide vital information to help us track down > the problem then you will probably be ignored. All bug reports should > be filed under the "Samba 4.1 and newer" product in the project's Bugzilla > database (https://bugzilla.samba.org/). > > > =====================================================================> == Our Code, Our Bugs, Our Responsibility. > == The Samba Team > =====================================================================Thanks Karolin ! Here are some mitigation techniques from Red Hat in case servers cannot be patched immediately: ------------------------------------------------------------- https://bugzilla.redhat.com/show_bug.cgi?id=1450347#c3 Huzaifa S. Sidhpurwala 2017-05-15 04:02:57 EDT Mitigation: Any of the following: 1. SELinux is enabled by default and our default policy prevents loading of modules from outside of samba's module directories and therefore blocks the exploit 2. Mount the filessytem which is used by samba for its writeable share, using "noexec" option. 3. Add the parameter: nt pipe support = no to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing any named pipe endpoints. Note this can disable some expected functionality for Windows clients. ------------------------------------------------------------- Jeremy.
Am 24.05.2017 um 17:50 schrieb Jeremy Allison via samba:> Here are some mitigation techniques from Red Hat in > case servers cannot be patched immediately:> 2. Mount the filessytem which is used by samba for its writeable share, > using "noexec" option.I would have expected this to be standard security precaution on all pure file servers (which is probably the most common use of Samba). Should the Samba-Wiki tell so, or shouldn't all Linux admins be sane enough do already do this?
Seemingly Similar Threads
- [Announce] Samba 4.6.4, 4.5.10 and 4.4.14 Available for Download
- [Announce] Samba 4.6.4, 4.5.10 and 4.4.14 Available for Download
- FW: Permissions issue
- [PATCH] Ensure blktap reports I/O errors back to guest
- [Announce] Samba 4.6.4, 4.5.10 and 4.4.14 Available for Download