Linux Lite Forums

General => Security & Bug Fixes => Topic started by: bitsnpcs on May 25, 2017, 06:51:39 PM

Title: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
Post by: bitsnpcs on May 25, 2017, 06:51:39 PM
The vulnerability - CVE-2017-7494 - affects versions 3.5 (released March 1, 2010) and onwards of Samba, the de facto standard for providing Windows-based file and print services on Unix and Linux systems.

1. Make sure to run Menu, Favorites, Install Updates.

2. Open a terminal:

Code:
apt policy samba
should show the patched version for Series 3.x:

Code:
apt policy samba
samba:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.7
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7

should show the patched version for Series 2.x:

Code:
apt policy samba
samba:
  Installed: 2:4.3.11+dfsg-0ubuntu0.14.04.8
  Candidate: 2:4.3.11+dfsg-0ubuntu0.14.04.8

Sources:

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7494.html

https://community.rapid7.com/community/infosec/blog/2017/05/25/patching-cve-2017-7494-in-samba-it-s-the-circle-of-life
Title: Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
Post by: Ottawagrant on May 25, 2017, 07:24:23 PM
Read about this the other day. Very, very important that you check what (samba) processes are running as root on your computer:

https://arstechnica.com/security/2017/05/a-wormable-code-execution-bug-has-lurked-in-samba-for-7-years-patch-now/
https://community.rapid7.com/community/infosec/blog/2017/05/25/patching-cve-2017-7494-in-samba-it-s-the-circle-of-life
Title: Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
Post by: bitsnpcs on May 25, 2017, 08:30:21 PM
I posted about this a few weeks ago on the forum, same port, same method.
One other member, @paul1149 (I think), who replied had noticed the same and also fixed his.

Although I knew no technical info about it until I received the news from Google on the phone today, one of which was the Reuters article published today.
So as it was more accurate and contained useful info that was easier to understand than my post was, I thought it would be useful to post the link and let people decide what to do, or read more on.

Also @Ottawagrant, in the hope people like yourself add useful links so we can learn more. :)
Title: Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
Post by: Jerry on May 26, 2017, 02:04:49 AM
People should already have this patched version:

Code:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.7
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7

Code:
apt policy samba
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7494.html
Title: Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
Post by: amigo on May 26, 2017, 09:53:55 AM
Jerry,
When you say "should", does that mean I "should" install something myself, or it "should" already be installed, possibly through updates?
I'm not that savvy, so if I need to do something myself I may need some guidance. Like step by step.
Thx
Morris
Title: Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
Post by: Jerry on May 26, 2017, 10:29:34 AM
Run the above command. If it returns the above version, you're OK, nothing to do. If not, run that command once a day until it shows the above version. Make sure you run sudo apt-get update first each time.

Sent from my Mobile phone using Tapatalk
Title: Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
Post by: bitsnpcs on May 26, 2017, 11:48:13 AM
Thank You Jerry.
I have the patched version you specified; it must have been in the Install Updates of Samba.
Title: Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
Post by: amigo on May 26, 2017, 03:40:18 PM
Sorry guys, when I said step by step I meant it. I'll be 72 this year so lend a hand to the old guy.
I ran sudo apt-get update and got this

Hit:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]   
Hit:3 http://ppa.launchpad.net/nemh/systemback/ubuntu xenial InRelease         
Get:4 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]     
Hit:5 http://ppa.launchpad.net/otto-kesselgulasch/gimp/ubuntu xenial InRelease
Hit:6 http://ppa.launchpad.net/ubuntu-wine/ppa/ubuntu xenial InRelease         
Get:7 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB] 
Get:8 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [544 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages [528 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [469 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe i386 Packages [454 kB]
Get:12 http://us.archive.ubuntu.com/ubuntu xenial-backports/universe Sources [4,036 B]
Get:13 http://us.archive.ubuntu.com/ubuntu xenial-backports/universe amd64 Packages [5,616 B]
Get:14 http://us.archive.ubuntu.com/ubuntu xenial-backports/universe i386 Packages [5,620 B]
Get:15 http://us.archive.ubuntu.com/ubuntu xenial-backports/universe Translation-en [2,872 B]
Hit:16 http://repo.linuxliteos.com/linuxlite citrine InRelease                 
Hit:17 http://archive.canonical.com xenial InRelease                           
Fetched 2,320 kB in 5s (424 kB/s)                                             
Reading package lists... Done

Amigo (Morris)
Title: Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
Post by: bitsnpcs on May 26, 2017, 05:47:59 PM
Hello amigo,

first run

Code:
sudo apt-get update
enter your password when prompted.

When it completes to the prompt again, (at the end of the results), then enter this

Code:
apt policy samba
Your results should read -

People should already have this patched version:

Code:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.7
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7

If so, it is patched and you are done.

If not, and it has version numbers below those on the lines from Jerry at Installed and Candidate, wait until the next Install Updates is run (Menu>Favourites>Install Updates).

Then repeat the above from the beginning and see if Installed and Candidate are now updated to what Jerry stated.
If yes, it is done.
If no, repeat the next day after Install Updates.
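One way to automate the check described in the first post and in the step-by-step reply above, as an added example that is not code from any of the thread's posters: it parses the output of `apt policy samba`, compares the Installed and Candidate versions against the patched versions quoted in the thread, and reports whether the machine is patched, still needs Install Updates, or has no fix available from its repositories yet. The version ordering is a reimplementation of the Debian policy rules written for this example (it does not shell out to `dpkg --compare-versions`), the `PATCHED` table and `assess` function are this example's own names, and the sample output is constructed from amigo's reply.

```python
"""Check whether the installed Samba package is at or above the version that
Ubuntu shipped with the fix for CVE-2017-7494 (example code, not from the thread)."""
import re
import subprocess

# Patched package versions quoted in the thread for Series 3.x (16.04) and 2.x (14.04).
PATCHED = {
    "16.04": "2:4.3.11+dfsg-0ubuntu0.16.04.7",
    "14.04": "2:4.3.11+dfsg-0ubuntu0.14.04.8",
}

# Constructed sample: the `apt policy samba` output amigo posted (not yet patched).
SAMPLE_AMIGO = """samba:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.6
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7
"""


def _order(c):
    """Debian ordering for non-digit characters: '~' < end of string < letters < others."""
    if c == "~":
        return -1
    if c == "":
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a, b):
    """Compare two upstream-version or revision strings per Debian policy:
    alternate non-digit runs (compared char by char with _order) and digit runs
    (compared numerically) until one side differs."""
    while a or b:
        ma = re.match(r"[^0-9]*", a).group(0)
        mb = re.match(r"[^0-9]*", b).group(0)
        a, b = a[len(ma):], b[len(mb):]
        for i in range(max(len(ma), len(mb))):
            d = _order(ma[i] if i < len(ma) else "") - _order(mb[i] if i < len(mb) else "")
            if d:
                return -1 if d < 0 else 1
        na = re.match(r"[0-9]*", a).group(0)
        nb = re.match(r"[0-9]*", b).group(0)
        a, b = a[len(na):], b[len(nb):]
        d = int(na or "0") - int(nb or "0")
        if d:
            return -1 if d < 0 else 1
    return 0


def split_version(v):
    """Split '[epoch:]upstream[-revision]' into (int epoch, upstream, revision)."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to, or newer than b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def parse_apt_policy(text):
    """Pull the Installed and Candidate fields out of `apt policy samba` output."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(Installed|Candidate):\s*(\S+)", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def assess(policy_output, release="16.04"):
    """Classify a machine from its apt policy output against the patched version."""
    fields = parse_apt_policy(policy_output)
    installed = fields.get("Installed", "(none)")
    candidate = fields.get("Candidate", "(none)")
    if installed == "(none)":
        return "not installed"  # no Samba package, nothing to patch
    if compare_versions(installed, PATCHED[release]) >= 0:
        return "patched"
    if compare_versions(candidate, PATCHED[release]) >= 0:
        return "update available: run Install Updates"
    return "no fix in configured repositories yet: run apt-get update and retry"


if __name__ == "__main__":
    try:  # on a real Ubuntu box, read the live output; elsewhere fall back to the sample
        out = subprocess.run(["apt", "policy", "samba"], capture_output=True, text=True).stdout
    except FileNotFoundError:
        out = SAMPLE_AMIGO
    print(assess(out))
```

Run it after `sudo apt-get update`, as Jerry advises, so the Candidate line reflects the current repository state; the "update available" result is exactly amigo's situation in the reply that follows, where Installed lags Candidate by one revision.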
Title: Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
Post by: amigo on May 26, 2017, 08:49:16 PM
thx bitsnpcs

Here's the result....

  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.6
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7

Looks like I'll need to run again tomorrow.

Again, thx.

Title: Re: Samba vulnerability CVE-2017-7494 Series 2.x Series 3.x
Post by: bitsnpcs on May 26, 2017, 08:56:20 PM
Glad to be a part of the help amigo  :)