
[Vulnerability notice] Remote command execution vulnerability in Samba

Last Updated: May 07, 2018

Description

Samba is a free software re-implementation of the SMB/CIFS networking protocol. It provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain.

However, Samba has a remote code execution vulnerability. An attacker can exploit it by sending a crafted request packet to the Samba server remotely, without going through any request verification.

Affected versions

Samba 3.5.0 to 4.2.0rc4

Fix

  • Upgrade Samba to the latest version.

  • In addition, on Samba 4.0.0 or above you can add the following setting to the smb.conf file (not applicable to 3.6.x and earlier versions).

    rpc_server:netlogon=disabled

Note: To guarantee normal operation of the application, test the upgrade in a test environment before upgrading the software.
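
To triage a host against the version range and workaround above, the following Python check can be used. It is an added example, not part of the original notice or of Samba itself. It assumes the version string has the form printed by `smbd --version` and that the setting is placed in the [global] section of smb.conf; the function names and the sample configuration are constructed for illustration.

```python
import re

# Range and workaround floor exactly as stated in the notice.
AFFECTED_MIN, AFFECTED_MAX, WORKAROUND_MIN = "3.5.0", "4.2.0rc4", "4.0.0"

def parse_version(text):
    """'Version 4.2.0rc4' -> (4, 2, 0, 4); a final release sorts after its rc builds."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Samba version: {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else float("inf"))

def is_affected(version):
    return parse_version(AFFECTED_MIN) <= parse_version(version) <= parse_version(AFFECTED_MAX)

def workaround_set(conf_text):
    """True if rpc_server:netlogon=disabled is active in [global] (assumed placement)."""
    section, active = None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or smb.conf comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "global" and key.strip().lower() == "rpc_server:netlogon":
            active = value.strip().lower() == "disabled"   # last occurrence wins
    return active

def assess(version, conf_text):
    if not is_affected(version):
        return "not in affected range"
    if parse_version(version) < parse_version(WORKAROUND_MIN):
        return "affected: upgrade (workaround not applicable)"
    if workaround_set(conf_text):
        return "affected: workaround set, upgrade pending"
    return "affected: no workaround set"

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """[global]
   workgroup = EXAMPLE
   ; rpc_server:netlogon = disabled
   rpc_server:netlogon = disabled
[share]
   path = /srv/share
"""

if __name__ == "__main__":
    print(assess("Version 4.1.16", SAMPLE_CONF))
```

Distribution packages may carry backported fixes under an unchanged version number, so treat the version result as an indicator and confirm against the vendor's package changelog.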
