FS#54177 - [samba] remote code execution from a writable share
Attached to Project:
Arch Linux
Opened by loqs (loqs) - Wednesday, 24 May 2017, 21:56 GMT
Last edited by Evangelos Foutras (foutrelis) - Saturday, 27 May 2017, 07:01 GMT
Details
Description:
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Additional info:
samba 4.5.8-1 in extra and samba 4.6.3-1 in testing are affected.
https://www.samba.org/samba/security/CVE-2017-7494.html
Closed by Evangelos Foutras (foutrelis)
Saturday, 27 May 2017, 07:01 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in [extra] with samba 4.5.10-1 and in [testing] with samba 4.6.4-1.
The easiest fix is actually just to upgrade to 4.6.4; the patch (https://download.samba.org/pub/samba/patches/samba-4.6.3-4.6.4.diffs.gz) seemed very minimal, so we should have just had it testing.