Samba Remote Code Execution Vulnerability (CVE-2017-7494)

Samba is free software that lets UNIX-family operating systems interoperate with Microsoft Windows systems over the SMB/CIFS network protocol.
 
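All Samba versions before 4.6.4, 4.5.10 and 4.4.13 contain a remote code execution vulnerability. An attacker can use a client to upload a chosen library file to a shared directory with write permission, which causes the server to load and execute that library file.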
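
As an added example (not part of the original post), the following Python code classifies the line printed by `smbd --version` against the three fixed releases named above. The function name `assess`, its status strings and the sample lines are assumptions made for illustration; a distribution build with an old upstream number is reported as `check-advisory` because vendors may backport the patch without changing that number.

```python
import re

# Upstream releases that contain the fix, per the advisory text, keyed by branch.
FIXED_BY_BRANCH = {(4, 4): (4, 4, 13), (4, 5): (4, 5, 10), (4, 6): (4, 6, 4)}

# x.y.z followed by an optional vendor suffix such as "-Ubuntu".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(\S*)")


def assess(version_output):
    """Classify a `smbd --version` line as 'fixed', 'affected' or 'check-advisory'."""
    m = VERSION_RE.search(version_output)
    if m is None:
        raise ValueError("no x.y.z version found in %r" % version_output)
    version = tuple(int(part) for part in m.groups()[:3])
    suffix = m.group(4)
    branch = version[:2]

    if branch in FIXED_BY_BRANCH:
        fixed = version >= FIXED_BY_BRANCH[branch]
    else:
        # Branches newer than 4.6 are later than every fixed release; older
        # branches fall under "all versions before" in the advisory.
        fixed = branch > (4, 6)

    if fixed:
        return "fixed"
    # A vendor suffix means the package may carry a backported patch under an
    # old upstream number, so the number alone cannot decide.
    return "check-advisory" if suffix else "affected"


# Constructed sample inputs, not captured from real hosts.
SAMPLES = [
    "Version 4.6.3",
    "Version 4.6.4",
    "Version 4.5.10",
    "Version 4.4.12",
    "Version 4.3.11-Ubuntu",
    "Version 4.7.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", assess(line))
```

For a `check-advisory` result, compare the installed package release with the one named in the distribution's advisory listed below.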
 
 
 
 
Solution
 
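The following are the security advisories that each Linux/Unix distribution has published for this vulnerability; refer to the advisory for your system to fix it: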
 
Ubuntu
----------------
USN-3296-2: [USN-3296-2] Samba vulnerability
Link: https://www.ubuntu.com/usn/usn-3296-2
USN-3296-1: [USN-3296-1] Samba vulnerability
Link: https://www.ubuntu.com/usn/usn-3296-1
 
Red Hat Enterprise Linux
----------------
Link: https://access.redhat.com/security/cve/CVE-2017-7494
 
CentOS
----------------
CESA-2017:1271: CESA-2017:1271 Important CentOS 6 samba4 Security Update
Link: https://lists.centos.org/pipermail/centos-announce/2017-May/022418.html
CESA-2017:1270: CESA-2017:1270 Important CentOS 6 samba Security Update
Link: https://lists.centos.org/pipermail/centos-announce/2017-May/022419.html
CESA-2017:1270: CESA-2017:1270 Important CentOS 7 samba Security Update
Link: https://lists.centos.org/pipermail/centos-announce/2017-May/022420.html
 
Gentoo
----------------
GLSA-201805-07: Samba: Multiple vulnerabilities
Link: https://security.gentoo.org/glsa/201805-07
 
FreeBSD
----------------
6f4d96c0-4062-11e7-b291-b499baebfeaf: samba -- remote code execution vulnerability
Link: http://vuxml.freebsd.org/freebsd/6f4d96c0-4062-11e7-b291-b499baebfeaf.html
 
Slackware
----------------
SSA:2017-144-01: [slackware-security] samba (SSA:2017-144-01)
Link: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.513769
 
openSUSE
----------------
openSUSE-SU-2017:1415-1: openSUSE Security Update: Security update for samba
Link: https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00072.html
openSUSE-SU-2017:1401-1: openSUSE Security Update: Security update for samba
Link: https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00069.html
 
SUSE
----------------
Link: https://www.suse.com/security/cve/CVE-2017-7494/
 
Fedora
----------------
FEDORA-2017-c729c6123c: Fedora 26 Update: samba-4.6.4-0.fc26
Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/54SWDFBKJ6IPCE56ITPDFZYMPXNGPBQW/
FEDORA-2017-642a0eca75: Fedora 25 Update: samba-4.5.10-0.fc25
Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OQBWJCQH74QID2Q4N44FYXHLGE6RU32S/
FEDORA-2017-570c0071c4: Fedora 24 Update: samba-4.4.14-0.fc24
Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W4BBCPF57PGSZEEE47TVMTZE3RQ4V54I/
 
Arch Linux
----------------
ASA-201705-22: [arch-security] [ASA-201705-22] samba: arbitrary code execution
Link: https://security.archlinux.org/ASA-201705-22
 
Oracle Linux
----------------
Link: https://linux.oracle.com/cve/CVE-2017-7494.html
 
Debian
----------------
DSA-3860: DSA-3860-1 samba -- security update
Link: https://www.debian.org/security/2017/dsa-3860
 
EulerOS
----------------
Link: http://developer.huawei.com/ict/cn/site-euleros/euleros/cve/CVE-2017-7494
posted @ 2019-05-20 10:34  mrhonest