Security patches for Samba

[German]The free Samba software contains a 'use-after-free' vulnerability in all versions since Samba 4.0 (released in 2012). A 2nd 'heap memory information leak' vulnerability is present since Samba version 3.6.0. Bit Linux distros are offering patches.

Samba is a free software re-implementation of the SMB/CIFS networking protocol. Samba provides file and printservices for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member.

Vulnerabilities CVE-2017-14746 and CVE-2017-15275

In Samba Security Releases there are two vulnerabilities CVE-2017-14746 and CVE-2017-15275 mentioned on November 21, 2017.

  • CVE-2017-14746: All Samba packages since version 4.0.0.0 are vulnerable for a 'use after free' attack.
  • CVE-2017-15275: All Samba packages since version 3.6.0 are vulnerable for a 'heap memory information leak' attack.

The bugs allow a malicious SMB1 request to give the attacker control over "the content of the heap memory via a deallocated heap pointer". This allows an attacker to retrieve information from the heap (password hashes or other high quality data). This may be used to compromise the SMB server.

Fixes available

The Register noted within this article, that important Linux distributions (Red Hat, Ubuntu, Debian etc.) has released patches for the "use-after-free" vulnerability for all Samba packages since version 4.0. The Samba project provides patches for the source code (see the following links).

Patch for Samba 4.7.2
Patch for Samba 4.6.10
Patch for Samba 4.5.14

Or disable SMB1

The other was is disabling SMBv1 on the server. Here the Samba project proposes, to add the entry:

server min protocol = SMB2

to the section [global] within the file smb.conf and restart the daemon smbd. But I should mention, that some clients are still requiring SMB1.

This entry was posted in Security and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *