The free Samba software contains a 'use-after-free' vulnerability in all versions since Samba 4.0 (released in 2012). A second 'heap memory information leak' vulnerability has been present since Samba version 3.6.0. Big Linux distros are offering patches.
Samba is a free software re-implementation of the SMB/CIFS networking protocol. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member.
Vulnerabilities CVE-2017-14746 and CVE-2017-15275
The Samba Security Releases page lists two vulnerabilities, CVE-2017-14746 and CVE-2017-15275, dated November 21, 2017.
- CVE-2017-14746: All Samba packages since version 4.0.0.0 are vulnerable to a 'use after free' attack.
- CVE-2017-15275: All Samba packages since version 3.6.0 are vulnerable to a 'heap memory information leak' attack.
The bugs allow a malicious SMB1 request to give the attacker control over "the content of the heap memory via a deallocated heap pointer". This allows an attacker to retrieve information from the heap (password hashes or other high-value data). This may be used to compromise the SMB server.
Fixes available
The Register noted in this article that important Linux distributions (Red Hat, Ubuntu, Debian etc.) have released patches for the "use-after-free" vulnerability for all Samba packages since version 4.0. The Samba project provides patches for the source code (see the following links).
Patch for Samba 4.7.2
Patch for Samba 4.6.10
Patch for Samba 4.5.14
Or disable SMB1
The other way is to disable SMBv1 on the server. For this, the Samba project proposes adding the entry:
server min protocol = SMB2
to the section [global] within the file smb.conf and restarting the daemon smbd. But I should mention that some clients still require SMB1.
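To check the setting after editing smb.conf, the following added example (not code from the Samba project or from the article) reads a configuration and reports whether the [global] section still permits SMB1. The sample configurations are constructed, the function names are hypothetical, and it assumes that a missing or unrecognized value leaves SMB1 enabled; include directives are not followed.

```python
import re

# Values of "server min protocol" that exclude SMB1 (SMB2 and newer dialects).
SMB2_PLUS = {"SMB2", "SMB2_02", "SMB2_10", "SMB3", "SMB3_00", "SMB3_02", "SMB3_11"}
# "min protocol" is a synonym; names are compared without case or whitespace.
KEYS = {"serverminprotocol", "minprotocol"}

# Constructed samples: the first only has the entry commented out and in a share.
SAMPLE_BEFORE = ("[global]\n   workgroup = EXAMPLE\n; server min protocol = SMB2\n"
                 "[share]\n   path = /srv/share\n   server min protocol = SMB2\n")
SAMPLE_AFTER = "[global]\n   workgroup = EXAMPLE\n   Server Min Protocol = smb2\n"


def server_min_protocol(conf_text):
    """Return the [global] 'server min protocol' value (upper case) or None."""
    section, value = None, None
    text = re.sub(r"\\\r?\n", "", conf_text)  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, val = line.split("=", 1)
            if re.sub(r"\s+", "", key).lower() in KEYS:
                value = val.strip().upper()   # a later entry overrides an earlier one
    return value


def smb1_allowed(conf_text):
    """True unless [global] pins the minimum protocol to SMB2 or newer."""
    # Assumption: an unset or unrecognized value is treated as SMB1 enabled.
    return server_min_protocol(conf_text) not in SMB2_PLUS


if __name__ == "__main__":
    for name, conf in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, server_min_protocol(conf), "SMB1 allowed:", smb1_allowed(conf))
```

To check a real server, pass the contents of its smb.conf to smb1_allowed() after restarting smbd.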