


[ SECURITY ] Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x


Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
« on: May 25, 2017, 06:51:39 PM »
 

bitsnpcs

The vulnerability - CVE-2017-7494 - affects versions 3.5 (released March 1, 2010) and onwards of Samba, the de facto standard for providing Windows-based file and print services on Unix and Linux systems.

1. Make sure to run Menu, Favorites, Install Updates.

2. Open a terminal:

Code:
apt policy samba

should show the patched version for Series 3.x:

Code:
apt policy samba
samba:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.7
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7

should show the patched version for Series 2.x:

Code:
apt policy samba
samba:
  Installed: 2:4.3.11+dfsg-0ubuntu0.14.04.8
  Candidate: 2:4.3.11+dfsg-0ubuntu0.14.04.8

Sources:

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7494.html

https://community.rapid7.com/community/infosec/blog/2017/05/25/patching-cve-2017-7494-in-samba-it-s-the-circle-of-life
Last Edit: June 01, 2017, 11:27:23 PM by Jerry
 


Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
« Reply #1 on: May 25, 2017, 07:24:23 PM »
 

Ottawagrant

 

Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
« Reply #2 on: May 25, 2017, 08:30:21 PM »
 

bitsnpcs

I posted about this a few weeks ago on the forum, same port, same method.
One other member, @paul1149 (I think), who replied had noticed the same and also fixed his.

Although I knew no technical info about it until I received the news from Google to the phone today, one of which was the Reuters article published today.
So as it was more accurate and contained useful info that was easier to understand than my post was, I thought it would be useful to post the link and let people decide what to do, or read more on.

Also @Ottawagrant in the hope people like yourself add useful links so we can learn more info. :)
 

Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
« Reply #3 on: May 26, 2017, 02:04:49 AM »
 

Jerry

People should already have this patched version:

Code:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.7
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7

Code:
apt policy samba

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7494.html
 

Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
« Reply #4 on: May 26, 2017, 09:53:55 AM »
 

amigo

Jerry,
When you say "should", does that mean I "should" install something myself or it "should" already be installed, possibly through updates?
I'm not that savvy, so if I need to do something myself I may need some guidance. Like step by step.
Thx
Morris
 

Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
« Reply #5 on: May 26, 2017, 10:29:34 AM »
 

Jerry

Run the above command. If it returns the above version, you're OK, nothing to do. If not, run that command once a day until it shows the above version. Make sure you run sudo apt-get update first each time.

 

Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
« Reply #6 on: May 26, 2017, 11:48:13 AM »
 

bitsnpcs

Thank You Jerry.
I have the patched version you specified, it must have been in the Install Updates, of Samba.
 

Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
« Reply #7 on: May 26, 2017, 03:40:18 PM »
 

amigo

Sorry guys, when I said step by step I meant it. I'll be 72 this year so lend a hand to the old guy.
I ran sudo apt-get update and got this

Hit:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]   
Hit:3 http://ppa.launchpad.net/nemh/systemback/ubuntu xenial InRelease         
Get:4 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]     
Hit:5 http://ppa.launchpad.net/otto-kesselgulasch/gimp/ubuntu xenial InRelease
Hit:6 http://ppa.launchpad.net/ubuntu-wine/ppa/ubuntu xenial InRelease         
Get:7 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB] 
Get:8 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [544 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages [528 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [469 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe i386 Packages [454 kB]
Get:12 http://us.archive.ubuntu.com/ubuntu xenial-backports/universe Sources [4,036 B]
Get:13 http://us.archive.ubuntu.com/ubuntu xenial-backports/universe amd64 Packages [5,616 B]
Get:14 http://us.archive.ubuntu.com/ubuntu xenial-backports/universe i386 Packages [5,620 B]
Get:15 http://us.archive.ubuntu.com/ubuntu xenial-backports/universe Translation-en [2,872 B]
Hit:16 http://repo.linuxliteos.com/linuxlite citrine InRelease                 
Hit:17 http://archive.canonical.com xenial InRelease                           
Fetched 2,320 kB in 5s (424 kB/s)                                             
Reading package lists... Done

Amigo (Morris)
 

Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
« Reply #8 on: May 26, 2017, 05:47:59 PM »
 

bitsnpcs

Hello amigo,

first run

Code:
sudo apt-get update

enter your password when prompted.

When it completes to the prompt again, (at the end of the results), then enter this

Code:
apt policy samba

Your results should read -

People should already have this patched version:

Code:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.7
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7

If so it is patched, it is done.

If not, and it has version numbers below those on the lines from Jerry at Installed and Candidate.
After the next Install Updates is run, Menu>Favourites>Install Updates.

Repeat the above from the beginning and see if the Installed and Candidate are now updated to how Jerry stated.
If yes it is done.
If no repeat the next day after Install updates.
Last Edit: May 26, 2017, 05:49:47 PM by bitsnpcs
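
An added example, not part of any post in this thread: the Installed/Candidate check walked through above, written as a shell function that classifies `apt policy samba` output against the fixed versions quoted in the thread. The function names (`ver_ge`, `policy_field`, `samba_patch_status`) and the status words are assumptions made for this example; the `sort -V` branch is only an approximation used when `dpkg` is not present.

```shell
#!/bin/sh
# Added example, not code from the thread. Fixed versions are those quoted in the posts.
FIXED_3X='2:4.3.11+dfsg-0ubuntu0.16.04.7'   # Series 3.x
FIXED_2X='2:4.3.11+dfsg-0ubuntu0.14.04.8'   # Series 2.x

# ver_ge A B: succeed when package version A is greater than or equal to B.
ver_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Approximation for systems without dpkg: version sort, highest last.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
    fi
}

# policy_field NAME: read `apt policy` output on stdin and print that field's value.
policy_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# samba_patch_status POLICY_TEXT FIXED_VERSION
# Prints one of: patched | update-pending | fix-not-in-repos | not-installed
samba_patch_status() {
    installed=$(printf '%s\n' "$1" | policy_field Installed)
    candidate=$(printf '%s\n' "$1" | policy_field Candidate)
    if [ -z "$installed" ] || [ "$installed" = "(none)" ]; then
        echo not-installed
    elif ver_ge "$installed" "$2"; then
        echo patched
    elif [ -n "$candidate" ] && ver_ge "$candidate" "$2"; then
        echo update-pending      # fix is in the package lists; run Install Updates
    else
        echo fix-not-in-repos    # refresh the package lists and check again later
    fi
}

# Sample input: the Installed/Candidate pair reported in Reply #9.
SAMPLE_PENDING='samba:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.6
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7'

samba_patch_status "$SAMPLE_PENDING" "$FIXED_3X"
# On a live system: samba_patch_status "$(apt policy samba 2>/dev/null)" "$FIXED_3X"
```
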
 

Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
« Reply #9 on: May 26, 2017, 08:49:16 PM »
 

amigo

thx bitsnpcs

Here's the result....

  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.6
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7

Looks like I'll need to run again tomorrow.

Again, thx.

 

Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
« Reply #10 on: May 26, 2017, 08:56:20 PM »
 

bitsnpcs

Glad to be a part of the help amigo  :)
 

