Bug 1450347 (CVE-2017-7494)
| Field | Value |
|---|---|
| Summary | CVE-2017-7494 samba: Loading shared modules from any path in the system leading to RCE (SambaCry) |
| Product | [Other] Security Response |
| Reporter | Adam Mariš <amaris> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| CC | asn, cperry, dwojewod, gdeschner, janarula, jarrpa, metze, mjc, rcyriac, redhat-bugzilla, sbose, security-response-team, sisharma |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Doc Type | If docs needed, set a value |
| Doc Text | A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. |
| Last Closed | 2017-05-24 15:11:19 UTC |
| Bug Depends On | 1450779, 1450780, 1450782, 1450783, 1450784, 1450785, 1450792, 1450857, 1451689, 1451798, 1452334, 1455050, 1456371, 1456372, 1456373, 1456375, 1456376, 1456377 |
| Bug Blocks | 1450350 |

Description
Adam Mariš
2017-05-12 10:11:33 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1455050]

This issue has been addressed in the following products:

- Red Hat Gluster Storage 3.2 for RHEL 6
- Red Hat Gluster Storage 3.2 for RHEL 7

Via RHSA-2017:1273 https://access.redhat.com/errata/RHSA-2017:1273

This issue has been addressed in the following products:

- Red Hat Enterprise Linux 5 Extended Lifecycle Support

Via RHSA-2017:1272 https://access.redhat.com/errata/RHSA-2017:1272

This issue has been addressed in the following products:

- Red Hat Enterprise Linux 6

Via RHSA-2017:1271 https://access.redhat.com/errata/RHSA-2017:1271

This issue has been addressed in the following products:

- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7

Via RHSA-2017:1270 https://access.redhat.com/errata/RHSA-2017:1270

Mitigation:

Any of the following:

1. SELinux is enabled by default and our default policy prevents loading of modules from outside of samba's module directories and therefore blocks the exploit

2. Mount the filesystem which is used by samba for its writable share using "noexec" option.

3. Add the parameter:

       nt pipe support = no

   to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing any named pipe endpoints. Note this can disable some expected functionality for Windows clients.

This issue has been addressed in the following products:

- Red Hat Enterprise Linux 6.2 Advanced Update Support
- Red Hat Enterprise Linux 6.4 Advanced Update Support
- Red Hat Enterprise Linux 6.5 Advanced Update Support
- Red Hat Enterprise Linux 6.5 Telco Extended Update Support
- Red Hat Enterprise Linux 7.2 Extended Update Support
- Red Hat Enterprise Linux 6.6 Advanced Update Support
- Red Hat Enterprise Linux 6.6 Telco Extended Update Support
- Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2017:1390 https://access.redhat.com/errata/RHSA-2017:1390

Statement:

This vulnerability exists in the samba server, client side packages are not affected.
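
An added example, not part of the bug report or of Red Hat's tooling: a Python audit that reports, for each writable share in an smb.conf, which of the three mitigations listed above currently covers it. The sample configuration and mount table are constructed, the parser is a simplification of Samba's own, and `selinux_enforcing` is an assumed caller-supplied flag standing in for "SELinux enforcing with the default policy".

```python
TRUE = {"yes", "true", "on", "1"}  # spellings Samba accepts for a true boolean
# Constructed sample inputs for illustration (not taken from the bug report).
SAMPLE_SMB_CONF = """[global]
  workgroup = EXAMPLE
[public]
  path = /srv/samba/public
  read only = no
[scratch]
  path = /data/scratch
  writable = yes
"""
SAMPLE_MOUNTS = ("/dev/sda1 / ext4 rw,relatime 0 0\n"
                 "/dev/sdb1 /srv/samba ext4 rw,noexec,nosuid 0 0\n")

def parse_smb_conf(text):
    """Return {section: {param: value}}; names are compared without case or spaces."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and line[0] not in "#;" and section is not None:
            key, _, value = line.partition("=")
            section["".join(key.lower().split())] = value.strip()
    return conf

def writable(p):
    """Simplified: writable/writeable/write ok, if present, beats read only."""
    for key in ("writable", "writeable", "writeok"):
        if key in p:
            return p[key].lower() in TRUE
    return p.get("readonly", "yes").lower() not in TRUE

def mount_options(path, mounts):
    """Options of the longest mount point containing path (/proc/mounts format)."""
    hits = [f for f in map(str.split, mounts.splitlines())
            if len(f) >= 4 and (path + "/").startswith(f[1].rstrip("/") + "/")]
    return set(max(hits, key=lambda f: len(f[1]))[3].split(",")) if hits else set()

def audit(smb_conf, mounts, selinux_enforcing):
    """Map each writable share to the mitigations from this bug that cover it."""
    conf = parse_smb_conf(smb_conf)
    glob = conf.get("global", {})
    pipes_off = glob.get("ntpipesupport", "yes").lower() not in TRUE
    report = {}
    for name, share in conf.items():
        if name != "global" and "path" in share and writable({**glob, **share}):
            checks = {"selinux": selinux_enforcing, "nt pipe support = no": pipes_off,
                      "noexec": "noexec" in mount_options(share["path"], mounts)}
            report[name] = [k for k, ok in checks.items() if ok]
    return report
```

On a live host, pass it the output of `testparm -s`, the contents of `/proc/mounts`, and whether `getenforce` reports Enforcing. A share mapped to an empty list is writable and has none of the three mitigations in place; the mount check compares path strings and does not resolve symlinks.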