Fat-thumbed dev slashes Samba security

Remote code execution in all versions since 3.5.0, so it's patching time!

Sysadmins tending Samba need to get patching.

Samba's announcement, here, explains that it's suffering from a remote code execution bug that applies to all versions newer than Samba 3.5.0.

The software, currently at version 4.6.4, provides *nix integration with Windows file and print services.

In CVE-2017-7494, a malicious client can “upload a shared library to a writable share, and then cause the server to load and execute it.”

The advisory is scant on how this happened, but if The Register's reading of the patch note is accurate, the bug's in Samba's RPC (remote procedure call) server component.

Apparently, the unpatched RPC server accepted pipe names that included the “/” character – in other words, it looks like a directory traversal bug (feel free to correct us in the comments), so the fix is to refuse to open a connection if the pipe matches the regex %s\n.

HD Moore Tweeted that the bug could be exploited with a single line:

The patch is here. ®


Biting the hand that feeds IT © 1998–2017