漏洞类别:Amazon Linux
漏洞等级: 
漏洞信息
A remote code execution flaw was found in Samba. A malicious authenticated
samba client, having write access to the samba share, could use this flaw to
execute arbitrary code as root. (CVE-2017-7494 )
It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125 )
A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126 )
A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619 )
QID Detection Logic:
This authenticated QID checks if the following file versions are lesser than 4.4.4-13.35.amzn1: samba-python, libwbclient-devel, samba-debuginfo, ctdb, ctdb-tests, samba-client, libwbclient, samba-winbind-modules, samba-test, samba-winbind-clients, libsmbclient-devel, libsmbclient, samba-krb5-printing, samba-client-libs, samba-common-tools, samba-winbind-krb5-locator, samba-libs, samba, samba-devel, samba-common-libs, samba-winbind, samba-test-libs
漏洞危害
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
解决方案
Please refer to Amazon advisory ALAS-2017-834 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
ALAS-2017-834: Amazon Linux (samba (4.4.4-13.35.amzn1) on noarch)
ALAS-2017-834: Amazon Linux (samba (4.4.4-13.35.amzn1) on x86_64)
ALAS-2017-834: Amazon Linux (samba (4.4.4-13.35.amzn1) on src)
ALAS-2017-834: Amazon Linux (samba (4.4.4-13.35.amzn1) on i686)
0daybank
文章评论