K1000 and K2000 SAMBA remote code execution vulnerability
I have not seen anything from Quest regarding this.
https://www.samba.org/samba/security/CVE-2017-7494.html
====================================================================
== Subject: Remote code execution from a writable share.
==
== CVE ID#: CVE-2017-7494
==
== Versions: All versions of Samba from 3.5.0 onwards.
==
== Summary: Malicious clients can upload and cause the smbd server
== to execute a shared library from a writable share.
==
====================================================================
===========
Description
===========
All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.
==================
Patch Availability
==================
A patch addressing this defect has been posted to
http://www.samba.org/samba/security/
Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.
==========
Workaround
==========
Add the parameter:
nt pipe support = no
to the [global] section of your smb.conf and restart smbd. This
prevents clients from accessing any named pipe endpoints. Note this
can disable some expected functionality for Windows clients.
=======
Credits
=======
This problem was found by steelo <knownsteelo@gmail.com>. Volker
Lendecke of SerNet and the Samba Team provided the fix.
But since this fix is not as easy as in the "blog" there is not yet a solution (this parameter breaks some major functions of a SMB server, for some systems this does not matter but for the majority it does)
You may refer to these two articles:
https://support.quest.com/kb/230044
https://support.quest.com/kb/230047 - Nico_K 7 years ago