Re: [Announce] Samba 4.6.4, 4.5.10 and 4.4.14 Available for Download

2017-05-24 Thread Jeremy Allison via samba-announce 
On Wed, May 24, 2017 at 09:21:14AM +0200, Karolin Seeger via samba-technical 
wrote:
> Release Announcements
> -
> 
> These are a security releases in order to address the following defect:
> 
> o  CVE-2017-7494 (Remote code execution from a writable share)
> 
> ===
> Details
> ===
> 
> o  CVE-2017-7494:
>All versions of Samba from 3.5.0 onwards are vulnerable to a remote
>code execution vulnerability, allowing a malicious client to upload a
>shared library to a writable share, and then cause the server to load
>and execute it.
> 
> 
> Changes:
> 
> 
> o  Volker Lendecke 
>* BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
>  share.
> 
> 
> ###
> Reporting bugs & Development Discussion
> ###
> 
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
> 
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track down
> the problem then you will probably be ignored.  All bug reports should
> be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
> database (https://bugzilla.samba.org/).
> 
> 
> ==
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ==

Thanks Karolin ! Here are some mitigation techniques from Red Hat in
case servers cannot be patched immediately:

-
https://bugzilla.redhat.com/show_bug.cgi?id=1450347#c3

Huzaifa S. Sidhpurwala 2017-05-15 04:02:57 EDT
Mitigation:

Any of the following:

1. SELinux is enabled by default and our default policy prevents loading of
modules from outside of samba's module directories and therefore blocks the 
exploit

2. Mount the filessytem which is used by samba for its writeable share,
using "noexec" option.

3. Add the parameter:

nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This prevents
clients from accessing any named pipe endpoints. Note this can disable some
expected functionality for Windows clients.
-

Jeremy.

[Announce] Samba 4.6.4, 4.5.10 and 4.4.14 Available for Download

2017-05-24 Thread Karolin Seeger via samba-announce 
Release Announcements
-

These are a security releases in order to address the following defect:

o  CVE-2017-7494 (Remote code execution from a writable share)

===
Details
===

o  CVE-2017-7494:
   All versions of Samba from 3.5.0 onwards are vulnerable to a remote
   code execution vulnerability, allowing a malicious client to upload a
   shared library to a writable share, and then cause the server to load
   and execute it.


Changes:


o  Volker Lendecke 
   * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
 share.


###
Reporting bugs & Development Discussion
###

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).


==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==




Download Details


The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6F33915B6568B7EA).  The source code can be downloaded
from:

https://download.samba.org/pub/samba/stable/

The release notes are available online at:

https://www.samba.org/samba/history/samba-4.6.4.html
https://www.samba.org/samba/history/samba-4.5.10.html
https://www.samba.org/samba/history/samba-4.4.14.html

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team


signature.asc
Description: Digital signature