|CERT-In Vulnerability Note
Multiple Vulnerabilities in Samba
Original Issue Date:December 05, 2017
Severity Rating: HIGH
- Samba version 3.6.0 onwards
Multiple vulnerabilities have been reported in Samba which could be exploited by a remote attacker to obtain potentially sensitive information or execute arbitrary code on the affected system.
1. Use-After-Free Vulnerability
This vulnerability exists in Samba due to use-after-free memory error with the affected software. A remote attacker could exploit this vulnerability by sending specially crafted Server Message Block 1 (SMB1) which could control the contents of heap memory through a de-allocated heap pointer.
Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the target system.
2. Information Disclosure Vulnerability
This vulnerability exists in Samba due to improper memory allocation by the affected software. A remote attacker could exploit this vulnerability by sending a crafted request resulting in a heap
memory information leak leveraging failure of the server to clear allocated heap memory.
Successful exploitation of this vulnerability could allow the attacker to gain access to sensitive information from heap memory on the targeted system.
Prevent SMB1 access to the server by setting the parameter:
server min protocol = SMB2
to the [global] section of smb.conf and restart smbd. This prevents and SMB1 access to the server. Note this could cause older clients to be unable to connect to the server.
Apply appropriate fixes as issued by the vendor Security Bulletin:
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003