Ghostscript CVE-2017-8291 Multiple Remote Code Execution Vulnerabilities
 
Ghostscript CVE-2016-9601 Local Integer Overflow Vulnerability
 
Samba CVE-2017-7494 Remote Code Execution Vulnerability
 
Cisco TelePresence IX5000 Series CVE-2017-6652 Directory Traversal Vulnerability
 
Linux Kernel CVE-2017-7261 Local Denial of Service Vulnerability
 
WebKitGTK+ Security Advisory WSA-2017-0004
 
Resteasy CVE-2016-9606 Remote Code Execution Vulnerability
 
 
IBM Java SDK CVE-2017-1289 XML External Entity Injection Vulnerability
 

Developers of Samba[1] disclosed a critical vulnerability that affects the file sharing component. Samba is a suite of tools that helps with interoperability between UNIX and Microsoft Windows. The vulnerable component is the daemon that offers file sharing capabilities.

As reported by HD Moore on his Twitter account[2], it's trivial to trigger the vulnerability (just a one-liner exploit). An attacker has to find an open SMB share (TCP/445),

    nt pipe support = no

to the [global] section of your smb.conf and restart smbd.

Samba is a very popular tool used on many corporate networks; it is also a core component in many residential products like NAS devices. Many vendors could be affected (Synology, WD, Qnap, DLink, ...). Some vendors, like Synology[5], have already communicated about this issue and are working on a patch, but others might take more time to react. Home users do not patch their products and many NAS could remain vulnerable for a long time.

As always, if you are exposing writable SMB shares for your users, be sure to restrict access to authorised people/hosts and do NOT share data across the Internet. There is a risk that bad guys are already scanning the whole Internet.
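A configuration audit for the workaround and the advice above, as an added example that is not part of the original diary: it reads smb.conf text, reports whether "nt pipe support = no" is set in [global], and lists the shares that are writable. The function names and the sample configuration are constructed for illustration.

```python
import re

TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}
WRITE_SYNONYMS = {"writable", "writeable", "writeok"}  # inverted synonyms of "read only"

def as_bool(value, default):
    v = value.strip().lower()
    return True if v in TRUE else False if v in FALSE else default

def parse_smb_conf(text):
    """Parse smb.conf into {section: {param: value}}; names lower-cased, spaces removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = re.sub(r"\s+", "", key).lower()
            if key in WRITE_SYNONYMS:  # fold into "readonly" so the last setting wins
                key, value = "readonly", "no" if as_bool(value, False) else "yes"
            current[key] = value.strip()
    return sections

def audit(text):
    """Return (workaround_applied, sorted names of writable shares)."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    # "nt pipe support" defaults to yes, so a missing line means not applied.
    workaround = not as_bool(glob.get("ntpipesupport", "yes"), True)
    default_ro = as_bool(glob.get("readonly", "yes"), True)  # default inherited by shares
    writable = sorted(name for name, params in conf.items() if name != "global"
                      and not as_bool(params.get("readonly", ""), default_ro))
    return workaround, writable

# Constructed sample configuration, not taken from a real host.
SAMPLE = """
[global]
   NT Pipe Support = No
[public]
   writable = yes
[docs]
   read only = yes
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

The parser does not follow include directives, so on hosts that split their configuration across files, feed it the effective configuration (for example the output of testparm -s).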

[1]https://www.samba.org/
[2]https://twitter.com/hdmoore/status/867446072670646277
[3]https://www.samba.org/samba/security/CVE-2017-7494.html
[4]http://www.samba.org/samba/security/
[5]https://www.synology.com/en-global/support/security/Important_Information_Regarding_Samba_Vulnerability_CVE_2017_7494

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

 
[slackware-security] samba (SSA:2017-144-01)
 
[security bulletin] HPESBHF03751 rev.1 - HPE Aruba AirWave Glass, Remote Code Execution
 


Maintainers of the Samba networking utility just patched a critical code-execution vulnerability that could pose a severe threat to users until the fix is widely installed.

The seven-year-old flaw, indexed as CVE-2017-7494, can be reliably exploited with just one line of code to execute malicious code, as long as a few conditions are met. Those requirements include vulnerable computers that (a) make file- and printer-sharing port 445 reachable on the Internet, (b) configure shared files to have write privileges, and (c) use known or guessable server paths for those files. When those conditions are satisfied, remote attackers can upload any code of their choosing and cause the server to execute it, possibly with unfettered root privileges, depending on the vulnerable platform.

"All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it," Samba maintainers wrote in an advisory published Wednesday. They urged anyone using a vulnerable version to install a patch as soon as possible.


 