The free Samba software contains a ‘use-after-free’ vulnerability in all versions since Samba 4.0 (released in 2012). A second ‘heap memory information leak’ vulnerability has been present since Samba version 3.6.0. Big Linux distros are offering patches.
Samba is a free software re-implementation of the SMB/CIFS networking protocol. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member.
Vulnerabilities CVE-2017-14746 and CVE-2017-15275
- CVE-2017-14746: All Samba packages since version 4.0 are vulnerable to a ‘use after free’ attack.
- CVE-2017-15275: All Samba packages since version 3.6.0 are vulnerable to a ‘heap memory information leak’ attack.
The bugs allow a malicious SMB1 request to give the attacker control over “the content of the heap memory via a deallocated heap pointer”. This allows an attacker to retrieve information from the heap (password hashes or other high-value data). This may be used to compromise the SMB server.
The Register noted in this article that major Linux distributions (Red Hat, Ubuntu, Debian etc.) have released patches for the “use-after-free” vulnerability for all Samba packages since version 4.0. The Samba project provides patches for the source code (see the following links).
Or disable SMB1
The other way is to disable SMBv1 on the server. Here the Samba project proposes adding the entry:
server min protocol = SMB2
to the [global] section of the smb.conf file and restart the smbd daemon. But I should mention that some clients still require SMB1.
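To verify that the workaround above is actually in effect, the following added example (not code from the Samba project or from this article) parses smb.conf text and reports whether the server would still accept SMB1. The function names and the sample configurations are constructed for illustration; treating an unset parameter as "SMB1 allowed" is an assumption chosen as the conservative reading.

```python
import re

# Dialect names accepted by smb.conf that belong to SMB1 or older.
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
# "min protocol" is a synonym for "server min protocol".
PARAM_NAMES = {"serverminprotocol", "minprotocol"}


def _norm(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()


def server_min_protocol(conf_text):
    """Return the effective [global] 'server min protocol' value, or None if unset."""
    section, value = None, None
    # Join lines continued with a trailing backslash.
    text = re.sub(r"\\\r?\n", "", conf_text)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        if section == "global" and "=" in line:
            name, val = line.split("=", 1)
            if _norm(name) in PARAM_NAMES:
                value = val.strip().upper()  # last assignment wins
    return value


def smb1_allowed(conf_text):
    """True if the configuration still lets a client negotiate SMB1."""
    value = server_min_protocol(conf_text)
    # Assumption: an unset parameter counts as SMB1 permitted (conservative
    # reading; older Samba releases defaulted to an SMB1-era dialect).
    return value is None or value in SMB1_DIALECTS


# Constructed sample configurations, not taken from a real server.
UNPATCHED = "[global]\n  workgroup = EXAMPLE\n[share]\n  path = /srv/share\n"
HARDENED = "[global]\n  workgroup = EXAMPLE\n  Server Min Protocol = SMB2\n"
WRONG_SECTION = "[global]\n  workgroup = X\n[share]\n  server min protocol = SMB2\n"

if __name__ == "__main__":
    for label, conf in (("unpatched", UNPATCHED), ("hardened", HARDENED)):
        print(label, "-> SMB1 allowed:", smb1_allowed(conf))
```

The WRONG_SECTION sample covers a common mistake: the entry placed in a share section instead of [global], where it has no effect.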