Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201705-22 ========================================= Severity: High Date : 2017-05-30 CVE-ID : CVE-2017-7494 Package : samba Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-279 Summary ====== The package samba before version 4.5.10-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 4.5.10-1. # pacman -Syu "samba>=4.5.10-1" The problem has been fixed upstream in version 4.5.10. Workaround ========= Add the parameter: nt pipe support = no to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing any named pipe endpoints. Note that this can disable some expected functionality for Windows clients. Description ========== All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Impact ===== A malicious authenticated client can execute arbitrary code on the affected host by uploading a shared library to a writable share. References ========= https://security.archlinux.org/CVE-2017-7494