CVE-2017-7494: Samba remote code execution vulnerability
Overview
Samba is an open source program that allows end-users utilizing SMB/CIFS clients to access files, printers and other commonly shared network resources. Samba is commonly used on Linux computers, allowing the network shares to be accessed by other computers, such as those running Microsoft Windows.
On May 24, 2017, Samba released version 4.6.4, which fixes a serious remote code execution vulnerability, CVE-2017-7494, affecting Samba 3.5.0 onwards.
A brief description of the vulnerability
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Vulnerability number: CVE-2017-7494
Severity Rating: High
Affected software:
- Samba Version < 4.6.4
- Samba Version < 4.5.10
- Samba Version < 4.4.14
Unaffected software:
- Samba Version = 4.6.4
- Samba Version = 4.5.10
- Samba Version = 4.4.14
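The version lists above can be turned into a quick inventory check. The following is an added example, not part of the original advisory or the Samba project's code: it classifies version strings in the style of `smbd --version` output against the fixed releases listed here. The hostnames and banners are constructed, and treating branches newer than 4.6 as fixed is an assumption.

```python
import re

# Fixed releases per branch, as listed in the advisory above.
FIXED = {(4, 4): 14, (4, 5): 10, (4, 6): 4}
FIRST_AFFECTED = (3, 5, 0)  # "All versions of Samba from 3.5.0 onwards"


def parse_version(text):
    """Extract (major, minor, patch) from text such as 'Version 4.5.8-Debian'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'affected', 'fixed', 'not-affected' or 'unknown'."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v < FIRST_AFFECTED:
        return "not-affected"  # older than the first affected release
    branch, patch = v[:2], v[2]
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "affected"
    if branch > max(FIXED):
        return "fixed"  # assumption: branches after 4.6 include the fix
    return "affected"  # 3.5.x through 4.3.x: no fixed release listed above


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "files01": "Version 4.5.8-Debian",
    "files02": "Version 4.6.4",
    "nas-old": "Version 3.6.25",
    "legacy": "Version 3.4.17",
    "broken": "smbd: command not found",
}


def audit(inventory):
    """Map each host to the verdict for its reported version string."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE).items()):
        print(f"{host:10} {SAMPLE[host]:28} {verdict}")
```

Distribution packages often backport the patch without changing the upstream version number, so an "affected" verdict on a packaged build should be confirmed against the distribution's security advisory.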
POC
Exploit CVE-2017-7494 using Metasploit.
- Update your Metasploit: apt-get update && apt-get upgrade
- Use module: exploits/linux/samba/is_known_pipename
Module description:
This module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some cases, anonymous access combined with common filesystem locations can be used to automatically exploit this vulnerability.
- Get shell 😀
Fix Information
- Users who installed Samba from source should download the latest Samba version as soon as possible.
- Users of binary distribution packages (RPM, etc.) should immediately apply the security update through yum, apt-get update, or the equivalent update operation.