CVE-2017-7494: samba RCE from a writeable share "SambaCry"

SUMMARY

Samba RCE requires updating samba packages.

CVE ID

CVE-2017-7494

DESCRIPTION

A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root.
 
All versions of Samba from 3.5.0 onwards are vulnerable to this remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
 
Unitrends Risk Assessment: None with security updates included in version 10.1 or patch available as of 5/25/17.
 

RESOLUTION

Fixed in samba-3.6.23-43.el6_9 and later.  

This patch is included with the latest security updates.  To apply the latest security updates, follow the notes provided in Unitrends Response to certain security vulnerabilities (CVEs) - Reference Article.

To confirm you have successfully patched, run the command below and verify you are running samba-3.6.23-43.el6_9 or newer.
 

[[email protected] ~]# rpm -qa | grep samba
samba-winbind-3.6.23-43.el6_9.x86_64
samba-common-3.6.23-43.el6_9.x86_64
samba-client-3.6.23-43.el6_9.x86_64
samba-winbind-clients-3.6.23-43.el6_9.x86_64
samba-3.6.23-43.el6_9.x86_64


 

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us