CVE-2017-7494 - Samba version > 3.50 < 4.4.14 remote code execution vulnerability

    • Official post

    A fix has already been released. You can't always go by package version since fixes are backported to older versions.


    Look: https://security-tracker.debian.org/tracker/CVE-2017-7494


    I'm safe :)
    # dpkg -l | grep samba
    ii samba 2:4.2.14+dfsg-0+deb8u6 amd64 SMB/CIFS file, print, and login server for Unix

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • OMV Version 2.1.13 (Stone burner) does appear to still be vulnerable:


    Code
    # dpkg -l | grep samba
    ii  samba                               2:3.6.6-6+deb7u10                amd64        SMB/CIFS file, print, and login server for Unix
    ii  samba-common                        2:3.6.6-6+deb7u10                all          common files used by both the Samba server and client
    ii  samba-common-bin                    2:3.6.6-6+deb7u10                amd64        common files used by both the Samba server and client

    It needs to be at 2:3.6.6-6+deb7u13 for the vulnerability to be fixed.


    The workaround is to add nt pipe support = no to the [global] section of your smb.conf and restart smbd.


    This can be done in the GUI by going to Services > SMB/CIFS > Settings > Advanced settings > Extra options and adding nt pipe support = no to the normally empty dialogue.
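An added example, not part of the thread: a shell check for the two mitigations discussed above, the fixed Debian 7 package version and the `nt pipe support = no` workaround in `[global]`. The function names and the sample smb.conf are constructed for illustration; only the version string comes from the post.

```shell
#!/bin/sh
# Added example (not from the thread): audit for the fix and the workaround.
FIXED_WHEEZY='2:3.6.6-6+deb7u13'   # fixed Debian 7 version quoted in the thread

# Read an smb.conf on stdin and print the effective [global] value of
# "nt pipe support"; prints "yes" (the Samba default) when it is not set.
nt_pipe_support() {
    awk '
        BEGIN { val = "yes" }
        /^[ \t]*[#;]/ { next }                    # comment lines
        /^[ \t]*\[/ {                             # section header
            sec = tolower($0)
            gsub(/^[ \t]*\[[ \t]*|[ \t]*\].*$/, "", sec)
            next
        }
        sec == "global" && (eq = index($0, "=")) {
            key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key)                # whitespace in names is ignored
            if (key == "ntpipesupport") {         # last assignment wins
                val = tolower(substr($0, eq + 1))
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            }
        }
        END { print val }
    '
}

# Exit 0 when the workaround is set (smb.conf booleans: no, false or 0).
workaround_active() {
    case "$(nt_pipe_support)" in no|false|0) return 0 ;; *) return 1 ;; esac
}

# Exit 0 when version $1 is at least the fixed one. dpkg does the comparison
# so the epoch ("2:") and the "+deb7uN" suffix are ordered correctly.
is_patched() { dpkg --compare-versions "$1" ge "$FIXED_WHEEZY"; }

# Constructed sample: the setting only counts inside [global].
SAMPLE_CONF='[global]
workgroup = WORKGROUP
; nt pipe support = yes
NT Pipe Support = No

[share]
path = /srv/share
nt pipe support = yes'

if printf '%s\n' "$SAMPLE_CONF" | workaround_active; then
    echo "sample smb.conf: workaround active"
fi
```

On a real host, pipe `/etc/samba/smb.conf` into `workaround_active` and pass the output of `dpkg-query -W -f='${Version}' samba` to `is_patched`. The file check only shows what is configured; the post's step of restarting smbd is still needed for the setting to take effect.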

    • Official post

    It needs to be at 2:3.6.6-6+deb7u13 for the vulnerability to be fixed.

    deb7u13 is in the security repo which should be enabled on OMV 2.x boxes.



  • deb7u13 is in the security repo which should be enabled on OMV 2.x boxes.

    Thanks for the prompt, @ryecoaaron. I issued an apt-get update && apt-get upgrade from the command line and it did pull in the fixed version, amongst other things.


    I'm not sure why I thought this would have been done automatically, but I guess I should add it as a cron job.

    • Official post

    I'm not sure why I thought this would have been done automatically, but I guess I should add it as a cron job.

    Updating the repo and downloading (but not installing) updates is a cron job in OMV. Not sure why your cron job seems to not be working.


  • Is there a way to check your version in the GUI? Or a way to use the commandline in the GUI or a url? I'm using a Raspberry which is far away from any screen... I just updated everything, my omv version is 3.0.76. Should I still be worried? Thanks!

  • Is there a way to check your version in the GUI? Or a way to use the commandline in the GUI or a url? I'm using a Raspberry which is far away from any screen... I just updated everything, my omv version is 3.0.76. Should I still be worried? Thanks!

    What's wrong with ssh and then:


    apt-cache policy samba

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

    • Official post

    Is there a way to check your version in the GUI?

    Yes. Go to Diagnostics -> System Information -> Report. There is a Packages section.

