CVE-2017-14746: Samba - Security Announcement Archive
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
CVE-2017-14746.html:
====================================================================
== Subject:     Use-after-free vulnerability.
==
== CVE ID#:     CVE-2017-14746
==
== Versions:    All versions of Samba from 4.0.0 onwards.
==
== Summary:     A client may use an SMB1 request to manipulate
==              the contents of heap space.
==
====================================================================

===========
Description
===========

All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server.

==================
Patch Availability
==================

A patch addressing this defect has been posted to
http://www.samba.org/samba/security/
Additionally, Samba 4.7.3, 4.6.11 and 4.5.15 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.

==========
Workaround
==========

Prevent SMB1 access to the server by adding the parameter:

    server min protocol = SMB2

to the [global] section of your smb.conf and restarting smbd. This prevents any SMB1 access to the server. Note that this could leave older clients unable to connect to the server.
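
An audit check for the workaround and the fixed releases above, added here as an example (it is not code from the Samba Team). The function names and the sample configurations are constructed for illustration, and the check assumes that an unset or unrecognised value still allows SMB1.

```python
import re

# Values of "server min protocol" that exclude every SMB1-family dialect.
SMB2_OR_LATER = {"SMB2", "SMB2_02", "SMB2_10", "SMB2_22", "SMB2_24",
                 "SMB3", "SMB3_00", "SMB3_02", "SMB3_10", "SMB3_11"}
# Security releases named in the advisory, keyed by release series.
FIXED_PATCH = {(4, 5): 15, (4, 6): 11, (4, 7): 3}


def global_min_protocol(conf_text):
    """Return the last [global] 'server min protocol' value, or None if unset."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, val = line.split("=", 1)
        # Parameter names ignore case and whitespace; "min protocol" is a
        # synonym of "server min protocol".
        if re.sub(r"\s+", "", key).lower() in ("serverminprotocol", "minprotocol"):
            value = val.strip().upper()
    return value


def smb1_blocked(conf_text):
    """True only when [global] explicitly sets a minimum of SMB2 or later."""
    # Assumption: unset or unrecognised values count as "SMB1 still allowed".
    return global_min_protocol(conf_text) in SMB2_OR_LATER


def is_unfixed_release(version):
    """True for upstream 4.x versions older than the advisory's fixed releases."""
    major, minor, patch = map(int, re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    if not (4, 0) <= (major, minor) <= (4, 7):
        return False                              # outside the range the page lists
    return patch < FIXED_PATCH.get((major, minor), float("inf"))


# Constructed sample configurations (not from the advisory).
WEAK = "[global]\n   workgroup = EXAMPLE\n   server min protocol = NT1\n"
HARDENED = "[global]\n   workgroup = EXAMPLE\n   Server Min Protocol = SMB2\n"
```

The parser reads a single file and does not follow include directives or line continuations, so run it over the output of testparm -s to check the effective configuration. Vendor packages may carry the patch under an older version number, so treat the version check as a first pass only.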

=======
Credits
=======

This problem was found by Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam. Jeremy Allison of Google and the Samba Team provided the fix.