As per upstream advisory: All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server.
Mitigation: Prevent SMB1 access to the server by adding the parameter "server min protocol = SMB2" to the [global] section of your smb.conf and restarting smbd. This blocks all SMB1 access to the server, so the malicious SMB1 request described above is rejected before it reaches the affected code. Note that this may cause older clients that only speak SMB1 to be unable to connect to the server. It is a workaround, not a fix; the updated packages listed below remain the proper remedy.
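The following script is an added example; it is not part of the advisory, the Samba project or Red Hat's errata. It applies the mitigation above to an smb.conf file (placing "server min protocol = SMB2" under [global], replacing any earlier value of the parameter or its synonym "min protocol") and reports whether SMB1 is now refused. The sample configuration, the file paths and the function names are assumptions; the script only edits the file, so on a real host you still run `testparm` against the result and restart smbd.

```shell
#!/bin/sh
# Added example, not from the advisory, the Samba project or Red Hat.
# Applies "server min protocol = SMB2" to an smb.conf and checks the
# effective value. It only edits the file; run testparm and restart smbd
# afterwards on a real host.

# Write a constructed sample smb.conf to $1. An optional $2 is appended to
# [global], e.g. an existing "server min protocol" line to be replaced.
make_sample_conf() {
  {
    printf '[global]\n   workgroup = EXAMPLE\n   server string = file server\n'
    if [ -n "${2:-}" ]; then printf '   %s\n' "$2"; fi
    printf '\n[share]\n   path = /srv/share\n   read only = no\n'
  } > "$1"
}

# Print the effective "server min protocol" value from [global] (the synonym
# "min protocol" is accepted too), or UNSET when the parameter is absent.
# Absent means the Samba default applies, which on the affected releases
# still accepted SMB1.
effective_min_protocol() {
  awk '
    /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\][ \t]*$/); next }
    in_global && tolower($0) ~ /^[ \t]*(server[ \t]+)?min[ \t]+protocol[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]*$/, ""); val = toupper($0)
    }
    END { print (val == "" ? "UNSET" : val) }
  ' "$1"
}

# Succeed (exit 0) only when the configured minimum dialect is SMB2 or newer,
# i.e. when SMB1 requests such as the one in the advisory are refused.
smb1_disabled() {
  case "$(effective_min_protocol "$1")" in
    SMB2|SMB2_02|SMB2_10|SMB2_22|SMB2_24|SMB3|SMB3_00|SMB3_02|SMB3_10|SMB3_11) return 0 ;;
    *) return 1 ;;
  esac
}

# Rewrite $1 in place: put "server min protocol = SMB2" directly under
# [global], drop any earlier setting of the parameter in that section,
# and create [global] if the file has none.
disable_smb1() {
  tmp="$1.tmp.$$"
  awk '
    /^[ \t]*\[/ {
      in_global = (tolower($0) ~ /^[ \t]*\[global\][ \t]*$/)
      print
      if (in_global) { print "   server min protocol = SMB2"; done = 1 }
      next
    }
    in_global && tolower($0) ~ /^[ \t]*(server[ \t]+)?min[ \t]+protocol[ \t]*=/ { next }
    { print }
    END { if (!done) print "[global]\n   server min protocol = SMB2" }
  ' "$1" > "$tmp" && mv "$tmp" "$1"
}
```

Typical use on a host: copy the live smb.conf aside, run `disable_smb1 /etc/samba/smb.conf` (the path is an assumption), confirm `smb1_disabled /etc/samba/smb.conf` succeeds, validate with `testparm`, then restart smbd. Because the check reads only the [global] section and does not evaluate include files, a deployment that sets the parameter in an included file must be checked on the included file as well.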
Acknowledgements: Name: the Samba project Upstream: Yihan Lian (Qihoo 360 Gear Team), Zhibin Hu (Qihoo 360 Gear Team)
External References: https://www.samba.org/samba/security/CVE-2017-14746.html
Created samba tracking bugs for this issue: Affects: fedora-all [bug 1515692]
This issue has been addressed in the following products: Red Hat Gluster Storage 3.3 for RHEL 6 Red Hat Gluster Storage 3.3 for RHEL 7 Via RHSA-2017:3261 https://access.redhat.com/errata/RHSA-2017:3261
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:3260 https://access.redhat.com/errata/RHSA-2017:3260
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:3278 https://access.redhat.com/errata/RHSA-2017:3278