Arch Linux Security Advisory ASA-201705-22

Severity: High
Date : 2017-05-30
CVE-ID : CVE-2017-7494
Package : samba
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-279

Summary

The package samba before version 4.5.10-1 is vulnerable to arbitrary
code execution.

Resolution

Upgrade to 4.5.10-1.

pacman -Syu “samba>=4.5.10-1”

The problem has been fixed upstream in version 4.5.10.

Workaround

Add the parameter:

nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This
prevents clients from accessing any named pipe endpoints. Note that
this can disable some expected functionality for Windows clients.

Description

All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.

Impact

A malicious authenticated client can execute arbitrary code on the
affected host by uploading a shared library to a writable share.

References

https://www.samba.org/samba/security/CVE-2017-7494.html
https://security.archlinux.org/CVE-2017-7494