Red Hat Enterprise Linux CVE-2017-7494 – malicious clients can upload and cause the smbd server to execute a shared library from a writable share

Red Hat Enterprise Linux CVE-2017-7494 (a remote code execution flaw was found in Samba) malicious authenticated samba client having write access to the samba share could use this flaw to execute arbitrary code as root

Workaround – add the parameter
nt pipe support = no
to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing any named pipe endpoints. Note this can disable some expected functionality for Windows clients e.g. when you type \\10.100.10.2\ from Windows Explorer on a samba server you would get a permission denied Windows clients would have to manually specify the share as \\10.100.10.2\share_name to access the share

Leave a Reply

You must be logged in to post a comment.