{"id":4337,"date":"2017-11-26T01:00:00","date_gmt":"2017-11-26T00:00:00","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=4337"},"modified":"2017-11-24T20:15:06","modified_gmt":"2017-11-24T19:15:06","slug":"security-patches-for-samba","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2017\/11\/26\/security-patches-for-samba\/","title":{"rendered":"Security patches for Samba"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"http:\/\/www.borncity.com\/blog\/2017\/11\/24\/samba-bentigt-zwei-sicherheits-patches\/\" target=\"_blank\">German<\/a>]The free Samba software contains a 'use-after-free' vulnerability in all versions since Samba 4.0 (released in 2012). A 2nd 'heap memory information leak' vulnerability is present since Samba version 3.6.0. Bit Linux distros are offering patches. <\/p>\n<p><!--more--><\/p>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Samba_(software)\" target=\"_blank\">Samba<\/a> is a free software re-implementation of the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Server_Message_Block\">SMB\/CIFS<\/a> networking <a href=\"https:\/\/en.wikipedia.org\/wiki\/Protocol_(computing)\">protocol<\/a>. Samba provides file and <a href=\"https:\/\/en.wikipedia.org\/wiki\/Input\/output\">print<\/a>services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member.<\/p>\n<h2>Vulnerabilities CVE-2017-14746 and CVE-2017-15275<\/h2>\n<p>In <a href=\"https:\/\/www.samba.org\/samba\/history\/security.html\" target=\"_blank\">Samba Security Releases<\/a> there are two vulnerabilities <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-14746\" target=\"_blank\">CVE-2017-14746<\/a> and <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-15275\" target=\"_blank\">CVE-2017-15275<\/a> mentioned on November 21, 2017. <\/p>\n<ul>\n<li>CVE-2017-14746: All Samba packages since version 4.0.0.0 are vulnerable for a 'use after free' attack.\n<li>CVE-2017-15275: All Samba packages since version 3.6.0 are vulnerable for a 'heap memory information leak' attack. <\/li>\n<\/ul>\n<p>The bugs allow a malicious SMB1 request to give the attacker control over \"the content of the heap memory via a deallocated heap pointer\". This allows an attacker to retrieve information from the heap (password hashes or other high quality data). This may be used to compromise the SMB server.<\/p>\n<h2>Fixes available<\/h2>\n<p>The Register noted within <a href=\"https:\/\/www.theregister.co.uk\/2017\/11\/23\/samba_needs_two_patches\/\" target=\"_blank\">this article<\/a>, that important Linux distributions (Red Hat, Ubuntu, Debian etc.) has released patches for the \"use-after-free\" vulnerability for all Samba packages since version 4.0. The <a href=\"https:\/\/www.samba.org\/samba\/history\/security.html\" target=\"_blank\">Samba project<\/a> provides patches for the source code (see the following links).<\/p>\n<p><a href=\"https:\/\/www.samba.org\/samba\/ftp\/patches\/security\/samba-4.7.2-security-2017-11-21.patch\" target=\"_blank\">Patch for Samba 4.7.2<\/a><br \/><a href=\"https:\/\/www.samba.org\/samba\/ftp\/patches\/security\/samba-4.6.10-security-2017-11-21.patch\" target=\"_blank\">Patch for Samba 4.6.10<\/a><br \/><a href=\"https:\/\/www.samba.org\/samba\/ftp\/patches\/security\/samba-4.5.14-security-2017-11-21.patch\" target=\"_blank\">Patch for Samba 4.5.14<\/a>  <\/p>\n<h2>Or disable SMB1<\/h2>\n<p>The other was is disabling SMBv1 on the server. <a href=\"https:\/\/www.samba.org\/samba\/security\/CVE-2017-14746.html\" target=\"_blank\">Here<\/a> the Samba project proposes, to add the entry:  <\/p>\n<p><em>server min protocol = SMB2<\/em>  <\/p>\n<p>to the section [global] within the file <em>smb.conf <\/em>and restart the daemon <em>smbd<\/em>. But I should mention, that some clients are still requiring SMB1.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The free Samba software contains a 'use-after-free' vulnerability in all versions since Samba 4.0 (released in 2012). A 2nd 'heap memory information leak' vulnerability is present since Samba version 3.6.0. Bit Linux distros are offering patches.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[637,1156,69],"class_list":["post-4337","post","type-post","status-publish","format-standard","hentry","category-security","tag-linux","tag-samba","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4337","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=4337"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4337\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=4337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=4337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=4337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}