Samba Patched Seven-Year-Old Vulnerability

While the Windows world was busy fighting EternalBlue (which exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol), the Linux world was not at peace either. Last week Samba (the Unix/Linux re-implementation of the SMB protocol) released updates to fix a critical vulnerability, CVE-2017-7494.

The vulnerability is due to improper path validation on pipe names in the is_known_pipename() function. Because nothing checks whether the pipe name is an absolute path, an attacker can specify the absolute path to an arbitrary file.
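The missing check can be modelled in a few lines of C. This is an added sketch, not Samba source code: the function names, the `MODULE_DIR` path, the sample names and the loader behaviour (a name starting with `/` is used as a path directly) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed module directory for this sketch; not a path from the advisory. */
#define MODULE_DIR "/usr/lib/example/rpc"

/* Assumed loader model: a name starting with '/' is used as-is, any other
 * name is looked up inside MODULE_DIR. Returns false if out is too small. */
static bool resolve_module(const char *name, char *out, size_t outlen)
{
    int n = (name[0] == '/')
        ? snprintf(out, outlen, "%s", name)
        : snprintf(out, outlen, "%s/%s.so", MODULE_DIR, name);
    return n >= 0 && (size_t)n < outlen;
}

/* Check as the advisory describes the flaw: nothing rejects a path. */
static bool pipename_ok_unchecked(const char *pipename)
{
    return pipename != NULL && pipename[0] != '\0';
}

/* Hardened check: a pipe name is a bare identifier, so any '/' is refused. */
static bool pipename_ok_hardened(const char *pipename)
{
    if (pipename == NULL || pipename[0] == '\0')
        return false;
    return strchr(pipename, '/') == NULL;
}

/* True when the name would resolve to a file inside MODULE_DIR. */
static bool stays_in_module_dir(const char *pipename)
{
    char path[256];
    if (!resolve_module(pipename, path, sizeof path))
        return false;
    return strncmp(path, MODULE_DIR "/", strlen(MODULE_DIR) + 1) == 0
        && strstr(path, "/../") == NULL;
}

int main(void)
{
    const char *samples[] = { "samr", "/srv/share/upload.so", "../x" }; /* constructed */
    for (size_t i = 0; i < 3; i++)
        printf("%-22s unchecked=%d hardened=%d in_dir=%d\n", samples[i],
               pipename_ok_unchecked(samples[i]), pipename_ok_hardened(samples[i]),
               stays_in_module_dir(samples[i]));
    return 0;
}
```

Every name the hardened check accepts resolves inside the module directory, while the unchecked version lets an absolute or relative path through.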

Remote attackers with write access to a share can exploit this vulnerability by uploading a malicious shared object, then requesting to open this file on the IPC$ share. Successful exploitation will result in arbitrary code execution. Administrators are urged to upgrade Samba to the latest releases.

SonicWall provides protection against this threat via the following signatures:

  • IPS sid:12812 “Samba Uploaded Shared Library Remote Code Execution 1”
  • IPS sid:12820 “Samba Uploaded Shared Library Remote Code Execution 2”
  • IPS sid:12821 “Samba Uploaded Shared Library Remote Code Execution 3”