Category:   Application (File Transfer/Sharing)  >   Samba
Vendors:   Samba.org
(CentOS Issues Fix) Samba smbd Named Pipe Validation Flaw Lets Remote Authenticated Users Execute Arbitrary Code on the Target System
SecurityTracker Alert ID:  1038563
SecurityTracker URL:  http://securitytracker.com/id/1038563
CVE Reference:   CVE-2017-7494
Date:  May 26 2017
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.5.0 and after
Description:   A vulnerability was reported in Samba. A remote authenticated user can execute arbitrary code on the target system.

A remote authenticated user can upload a shared library to a writable share and then open a specially named pipe endpoint (containing a '/' character) to cause the target system to execute the library with root privileges.

steelo reported this vulnerability.
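
The class of input validation described above, sketched as an added example (not Samba's code and not part of the advisory): a server that maps a client-supplied pipe name to a module file should treat the name as an identifier and refuse anything that can denote a path. The directory `MODULE_DIR`, the length bound and both function names are hypothetical, and the check is stricter than the '/' case in the advisory because it allowlists characters.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical module directory and length bound, for illustration only. */
#define MODULE_DIR    "/usr/lib/example/rpc"
#define PIPE_NAME_MAX 64

/* A pipe name is an identifier, never a path: allow [A-Za-z0-9_-] only,
 * which rejects '/', '\\', '.', whitespace and control bytes. */
bool pipe_name_is_valid(const char *name)
{
    if (name == NULL || name[0] == '\0' || strlen(name) > PIPE_NAME_MAX)
        return false;
    for (const char *p = name; *p != '\0'; p++) {
        bool ok = (*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z') ||
                  (*p >= '0' && *p <= '9') || *p == '_' || *p == '-';
        if (!ok)
            return false;
    }
    return true;
}

/* Map a client-supplied pipe name to a module file under MODULE_DIR.
 * Returns 0 on success, -1 if the name is rejected or does not fit. */
int module_path_for_pipe(const char *name, char *out, size_t outlen)
{
    if (!pipe_name_is_valid(name))
        return -1;
    int n = snprintf(out, outlen, "%s/%s.so", MODULE_DIR, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names: two ordinary ones, two containing '/'. */
    const char *samples[] = { "samr", "srvsvc", "/tmp/x", "a/b" };
    char path[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (module_path_for_pipe(samples[i], path, sizeof path) == 0)
            printf("accept %-8s -> %s\n", samples[i], path);
        else
            printf("reject %s\n", samples[i]);
    }
    return 0;
}
```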

Impact:   A remote authenticated user with write privileges on the target share can execute arbitrary code with root privileges on the target system.
Solution:   CentOS has issued a fix.

Cause:   Input validation error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
May 24 2017 Samba smbd Named Pipe Validation Flaw Lets Remote Authenticated Users Execute Arbitrary Code on the Target System



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:1270 Important CentOS 7 samba Security Update


CentOS Errata and Security Advisory 2017:1270 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1270.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
