On May 24, 2017, Samba 4.6.4 was released to fix a serious remote code execution vulnerability with the vulnerability ID CVE-2017-7494. This vulnerability affects all versions earlier than Samba 3.5.0 and Samba 4.6.4/4.5.10/4.4.14.
See the following for more information about the vulnerability.
CVE identifier
CVE-2017-7494
Vulnerability name
Samba remote code execution vulnerability
Vulnerability rating
High
Vulnerability description
The vulnerability uses a writeable Samba user right to obtain the root access right of the Samba server (by default, Samba can only be operated by the root user). This vulnerability affects all versions earlier than Samba 3.5.0 and Samba 4.6.4/4.5.10/4.4.14.
Condition and method of exploitation
This vulnerability can be exploited remotely.
Affected scope
All versions earlier than Samba 3.5.0 and Samba 4.6.4/4.5.10/4.4.14.
Vulnerability detection
Check whether any affected version of Samba is used.
How to fix or mitigate
If you have installed Samba by using source code, you must download the latest Samba version and manually reinstall it as soon as possible.
If you have installed Samba by using a binary distribution package (in RPM or another mode), you must immediately run yum and perform security update operations such as
apt-get update.Add the
nt pipe support = nooption under the global node insmb.confand then restart the Samba service, to prevent the vulnerability from being exploited. This is a mitigation measure.
Reference
[1]. https://www.samba.org/samba/security/CVE-2017-7494.html
[2]. https://www.reddit.com/r/netsec/comments/6d0tfx/samba_cve20177494_remote_code_execution_from_a/