Samba 远程执行代码漏洞(CVE-2017-7494)
作者:互联网
Samba,是种用来让UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做链接的自由软件。Samba 4.6.4, 4.5.10, 4.4.13之前的所有版本存在远程执行代码漏洞。攻击者可以利用客户端将指定库文件上传到具有可写权限的共享目录,会导致服务器加载并执行指定的库文件。解决方法 以下是各Linux/Unix发行版系统针对此漏洞发布的安全公告,可以参考对应系统的安全公告修复该漏洞:Ubuntu----------------USN-3296-2: [USN-3296-2] Samba vulnerability链接: https://www.ubuntu.com/usn/usn-3296-2USN-3296-1: [USN-3296-1] Samba vulnerability链接: https://www.ubuntu.com/usn/usn-3296-1Red Hat Enterprise Linux----------------链接: https://access.redhat.com/security/cve/CVE-2017-7494CentOS----------------CESA-2017:1271: CESA-2017:1271 Important CentOS 6 samba4 Security Update链接: https://lists.centos.org/pipermail/centos-announce/2017-May/022418.htmlCESA-2017:1270: CESA-2017:1270 Important CentOS 6 samba Security Update链接: https://lists.centos.org/pipermail/centos-announce/2017-May/022419.htmlCESA-2017:1270: CESA-2017:1270 Important CentOS 7 samba Security Update链接: https://lists.centos.org/pipermail/centos-announce/2017-May/022420.htmlGentoo----------------GLSA-201805-07: Samba: Multiple vulnerabilities链接: https://security.gentoo.org/glsa/201805-07FreeBSD----------------6f4d96c0-4062-11e7-b291-b499baebfeaf: samba -- remote code execution vulnerability链接: http://vuxml.freebsd.org/freebsd/6f4d96c0-4062-11e7-b291-b499baebfeaf.htmlSlackware----------------SSA:2017-144-01: [slackware-security] samba (SSA:2017-144-01)链接: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.513769openSUSE----------------openSUSE-SU-2017:1415-1: openSUSE Security Update: Security update for samba链接: https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00072.htmlopenSUSE-SU-2017:1401-1: openSUSE Security Update: Security update for samba链接: https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00069.htmlSUSE----------------链接: https://www.suse.com/security/cve/CVE-2017-7494/Fedora----------------FEDORA-2017-c729c6123c: Fedora 26 Update: samba-4.6.4-0.fc26链接: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/54SWDFBKJ6IPCE56ITPDFZYMPXNGPBQW/FEDORA-2017-642a0eca75: Fedora 25 Update: samba-4.5.10-0.fc25链接: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OQBWJCQH74QID2Q4N44FYXHLGE6RU32S/FEDORA-2017-570c0071c4: Fedora 24 Update: samba-4.4.14-0.fc24链接: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W4BBCPF57PGSZEEE47TVMTZE3RQ4V54I/Arch Linux----------------ASA-201705-22: [arch-security] [ASA-201705-22] samba: arbitrary code execution链接: https://security.archlinux.org/ASA-201705-22Oracle Linux----------------链接: https://linux.oracle.com/cve/CVE-2017-7494.htmlDebian----------------DSA-3860: DSA-3860-1 samba -- security update链接: https://www.debian.org/security/2017/dsa-3860EulerOS----------------链接: http://developer.huawei.com/ict/cn/site-euleros/euleros/cve/CVE-2017-7494
标签:Samba,security,7494,samba,https,org,2017,链接 来源: https://www.cnblogs.com/mrhonest/p/10892729.html