Samba Patched Seven-Year-Old Vulnerability

June 2, 2017

While the Windows world was busy fighting EternalBlue (which exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol), the Linux world was not peaceful either. Last week Samba (the Unix/Linux re-implementation of the SMB protocol) released updates to fix a critical vulnerability, CVE-2017-7494.

The vulnerability is due to improper path validation on pipe names in the is_known_pipename() function. Because the function does not check whether the pipe name is an absolute path, an attacker can specify the absolute path to an arbitrary file.
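
The missing check described above, as an added example in C that is not Samba's code and not part of the original advisory: a validator without the path check beside one that rejects any name containing a path separator. The function names, the prefix handling and the sample names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumed prefix handling: drop a leading "\pipe\" or a single "\". */
static const char *strip_pipe_prefix(const char *name)
{
    if (strncasecmp(name, "\\pipe\\", 6) == 0)
        return name + 6;
    return (name[0] == '\\') ? name + 1 : name;
}

/* Before: any non-empty name is accepted, so an absolute path to a file passes. */
bool pipe_name_ok_unchecked(const char *name)
{
    return strip_pipe_prefix(name)[0] != '\0';
}

/* After: a pipe name must be a single component, never a path. */
bool pipe_name_ok_checked(const char *name)
{
    name = strip_pipe_prefix(name);
    if (name[0] == '\0')
        return false;                     /* empty name */
    if (strchr(name, '/') != NULL)
        return false;                     /* absolute or relative path */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return false;                     /* directory references */
    return true;
}

int main(void)
{
    /* Constructed sample names, not taken from real traffic. */
    const char *samples[] = {
        "\\pipe\\srvsvc", "srvsvc", "/srv/share/constructed.so",
        "\\pipe\\/srv/share/constructed.so", "\\PIPE\\", "..",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-36s unchecked=%d checked=%d\n", samples[i],
               pipe_name_ok_unchecked(samples[i]),
               pipe_name_ok_checked(samples[i]));
    return 0;
}
```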

Remote attackers with write access to a share can exploit this vulnerability by uploading a malicious shared object, then requesting to open this file on the IPC$ share. Successful exploitation will result in arbitrary code execution. Administrators are urged to upgrade Samba to the latest releases.

SonicWall provides protection against this threat via the following signatures:

  • IPS sid:12812 "Samba Uploaded Shared Library Remote Code Execution 1"
  • IPS sid:12820 "Samba Uploaded Shared Library Remote Code Execution 2"
  • IPS sid:12821 "Samba Uploaded Shared Library Remote Code Execution 3"