On 2017-06-26 17:14, Arian Molina Aguilera wrote:
On 26/06/17 at 16:48, Alberto José García Fumero wrote:
Good morning.

Some time ago I read, I don't remember where (this memory of mine, as always...),
about an exploit in Samba 4 that could be disabled by means of the line

nt pipe support=no


in /etc/smb.conf, but if I do that it is not possible to authenticate against
Samba 4.

Has anyone heard of this? I would like to know whether it has any basis or
not.

Just update samba to version 4.6.5, and you should not have any
problem with that vulnerability.


I think you are seeing the expected behaviour according to my first quote; the last one, which is from Samba.org, tells you which version to install


https://arstechnica.com/security/2017/05/a-wormable-code-execution-bug-has-lurked-in-samba-for-7-years-patch-now/
People who use Samba should check with their operating system or device provider to see if a fix is available. Those who are unable to patch immediately can work around the vulnerability by adding the line

nt pipe support = no

to their Samba configuration file and restarting the network's SMB daemon. The change will prevent clients from fully accessing some network computers. The change may also disable some expected functions for connected Windows machines.

Given the ease and reliability of exploits, this hole is worth plugging as soon as possible. It's likely only a matter of time until attackers begin actively targeting it.


-----------------------
https://nakedsecurity.sophos.com/2017/05/26/samba-exploit-not-quite-wannacry-for-linux-but-patch-anyway/
What to do?

Unlike ETERNALBLUE and WannaCry, not every vulnerable SMB service can actively be exploited, so the risk is easier to control.

Here’s what you need to know:

- If you have Samba installed but are only using it as a client to connect out to other file shares, the exploit can’t be used because there is no listening server for a crook to connect to.
- If you have Samba shares open but they are configured read-only (for example if you are using Samba to publish updates to Windows PCs on your network), the exploit can’t be used because the crooks can’t upload their malware file to start the attack.
- If you have writable Samba shares but you have set the Samba configuration option nt pipe support = no, the exploit can’t be used because the crooks can’t send the malformed IPC requests to launch the malware they just uploaded.
- If you update your Samba version to 4.6.4 (4.5.10 or 4.4.14 if you are on older release branches), the exploit can’t be used because Samba won’t accept the malformed IPC request that references the uploaded malware by its local path name.

------------------


https://www.samba.org/samba/security/CVE-2017-7494.html

== Subject:     Remote code execution from a writable share.
==
== CVE ID#:     CVE-2017-7494
==
== Versions:    All versions of Samba from 3.5.0 onwards.
==
== Summary:     Malicious clients can upload and cause the smbd server
==              to execute a shared library from a writable share.
==
====================================================================

===========
Description
===========

All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

--
Regards, Ulinx
"In a problem with n equations
there will always be at least n+1 unknowns"
Linux user 366775
______________________________________________________________________
Mailing list of the Grupo de Usuarios de Tecnologías Libres de Cuba.
Gutl-l@jovenclub.cu
https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l
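
An added example (not part of the thread or of the quoted advisories): a Python check that applies the conditions quoted above (upstream version, writable shares, nt pipe support) to a server's version string and smb.conf text. The function names and the sample configuration are assumptions made for illustration, and only upstream version numbers are compared, so a distribution package with a backported fix is still reported as vulnerable.

```python
import re

# Upstream security releases named in the advisory: branch -> first fixed patch level.
FIXED = {(4, 4): 14, (4, 5): 10, (4, 6): 4}
# Constructed sample smb.conf, not taken from the thread.
SAMPLE = "[global]\n  workgroup = LAB\n[updates]\n  path = /srv/upd\n[scratch]\n  path = /srv/tmp\n  read only = no\n"

def parse_smb_conf(text):
    # Returns {section: {param: value}}; names lowercased, inner whitespace collapsed.
    conf, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def truthy(value):
    return value.strip().lower() in ("yes", "true", "on", "1")

def version_vulnerable(version):
    # True for upstream versions from 3.5.0 that predate the security releases.
    v = tuple(int(x) for x in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    if v < (3, 5, 0):
        return False
    if v[:2] in FIXED:
        return v[2] < FIXED[v[:2]]
    return v[:2] < (4, 4)  # older branches need the separate patches

def share_writable(share, defaults):
    for params in (share, defaults):  # a share setting overrides the [global] default
        if "read only" in params:
            return not truthy(params["read only"])
        for synonym in ("writable", "writeable", "write ok"):
            if synonym in params:
                return truthy(params[synonym])
    return False  # Samba's built-in default is read only = yes

def assess(version, conf_text):
    conf = parse_smb_conf(conf_text)
    glob = conf.get("global", {})
    writable = sorted(n for n, p in conf.items() if n != "global" and share_writable(p, glob))
    if not version_vulnerable(version):
        return "patched", writable
    if not truthy(glob.get("nt pipe support", "yes")):
        return "mitigated by nt pipe support = no", writable
    return ("exposed" if writable else "no writable share"), writable
```

Calling `assess("4.5.8", SAMPLE)` reports the server as exposed through the `scratch` share; the same configuration on 4.6.5 is reported as patched.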