Samba, a popular implementation of the SMB networking protocol shipped by many Linux distributions, has been found vulnerable to a flaw that could let attackers take remote control of affected servers. All versions from 4.0, released in 2012, onwards are affected.
The vulnerability lies in the way heap memory is deallocated: a use-after-free that an attacker can reach by manipulating the SMB1 requests sent to the SMB server, potentially allowing them to place and execute code of their choosing.
“All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer,” reads the advisory. “It is possible this may be used to compromise the SMB server.”
Fixes for the affected Samba releases were published on November 21st, and everyone affected is urged to either upgrade to a newer Samba version or download and install the patches immediately.
Another workaround is to disable the SMB1 protocol entirely and require SMB2 or later, but this can cause incompatibilities, since some legacy infrastructures still have clients that only support SMB1. Consequently, patching remains the most viable option for thwarting attacks that exploit the issue.
“Additionally, Samba 4.7.3, 4.6.11 and 4.5.15 have been issued as security releases to correct the defect,” according to the CVE-2017-14746 advisory. “Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.”
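The two remediation paths above (upgrade to 4.7.3, 4.6.11 or 4.5.15, or refuse SMB1 by raising `server min protocol` in smb.conf) can be turned into a quick inventory check. The following is an added example, not code from the Samba project or the advisory: it parses the `smbd --version` string and a constructed smb.conf fragment and reports whether a host is still exposed to CVE-2017-14746. It assumes that branches newer than 4.7 already carry the fix and that an absent `server min protocol` means the affected 4.x releases still serve SMB1; both assumptions are marked in the code.

```python
"""Added example (not Samba project code): decide whether a Samba host still
needs action for CVE-2017-14746, using the two facts the advisory gives:
the fixed releases 4.7.3 / 4.6.11 / 4.5.15, and the workaround of refusing
SMB1 via the smb.conf 'server min protocol' parameter."""
import re

# Fixed security releases named in the advisory, keyed by release branch.
FIXED_RELEASES = {(4, 5): (4, 5, 15), (4, 6): (4, 6, 11), (4, 7): (4, 7, 3)}

# Dialect levels of 'server min protocol' that still admit SMB1 clients.
SMB1_LEVELS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}

# Assumption: when the parameter is absent, the affected 4.x releases serve SMB1.
DEFAULT_MIN_PROTOCOL = "LANMAN1"


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Version 4.6.10-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def unfixed_for_cve_2017_14746(version_text):
    """True if this release is in the advisory's scope and lacks the fix."""
    v = parse_version(version_text)
    if v < (4, 0, 0):
        return False  # the advisory scopes this issue to 4.0.0 onwards
    branch = v[:2]
    if branch in FIXED_RELEASES:
        return v < FIXED_RELEASES[branch]
    # Assumption: branches after 4.7 ship with the fix; the advisory lists no
    # fixed release for the 4.0-4.4 branches, so those stay flagged.
    return branch < (4, 7)


def server_min_protocol(smb_conf_text):
    """Return the effective 'server min protocol' value from [global]."""
    value = DEFAULT_MIN_PROTOCOL
    section = None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # smb.conf comment lines
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, val = (part.strip() for part in line.split("=", 1))
        key = re.sub(r"\s+", " ", key).lower()
        if key in ("server min protocol", "min protocol"):  # 'min protocol' is the old synonym
            value = val.upper()
    return value


def smb1_enabled(smb_conf_text):
    """True if the configured minimum dialect still lets SMB1 clients in."""
    return server_min_protocol(smb_conf_text) in SMB1_LEVELS


def assess(version_text, smb_conf_text):
    """Exposed only when the build is unfixed AND SMB1 requests are accepted."""
    unfixed = unfixed_for_cve_2017_14746(version_text)
    smb1 = smb1_enabled(smb_conf_text)
    return {"unfixed": unfixed, "smb1_enabled": smb1, "exposed": unfixed and smb1}


if __name__ == "__main__":
    # Constructed sample input, not taken from a real host.
    SAMPLE_CONF = """
    [global]
       workgroup = EXAMPLE
       ; server min protocol = SMB2   <- the workaround, commented out here
    [share]
       path = /srv/share
    """
    print(assess("Version 4.6.10-Ubuntu", SAMPLE_CONF))
```

On a real host, feed `assess()` the output of `smbd --version` and the contents of the smb.conf that `testparm` reports as in use; a result of `exposed: True` means neither remediation path has been applied yet.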
However, a second bug in the same protocol implementation affects Samba versions from 3.6.0 onwards, so system administrators should make a point of installing the latest security fixes and updates as soon as possible. CVE-2017-15275 is similar to the first issue in that it also stems from the way heap memory is handled, and a patch is available for it as well.