CVE-2017-14746
Find out more about CVE-2017-14746 from the MITRE CVE dictionary and NIST NVD.
CVSS v3 metrics
| CVSS3 Base Score | 6.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Attack Vector | Adjacent Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | Low |
| Availability Impact | Low |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Gluster 3.3 Samba on RHEL-7 (samba) | RHSA-2017:3261 | 2017-11-27 |
| Red Hat Enterprise Linux 6 (samba4) | RHSA-2017:3278 | 2017-11-29 |
| Red Hat Gluster 3.3 Samba on RHEL-6 (samba) | RHSA-2017:3261 | 2017-11-27 |
| Red Hat Enterprise Linux 7 (samba) | RHSA-2017:3260 | 2017-11-27 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | samba | Not affected |
| Red Hat Enterprise Linux 5 | samba | Not affected |
Acknowledgements
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Yihan Lian (Qihoo 360 Gear Team) and Zhibin Hu (Qihoo 360 Gear Team) as the original reporters.
Mitigation
Prevent SMB1 access to the server by adding the parameter:
"server min protocol = SMB2"
to the [global] section of your smb.conf, then restart smbd. This prevents any SMB1 access to the server. Note that this could cause older clients to be unable to connect to the server.
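One way to confirm that an smb.conf actually carries this mitigation, as an added example (not Red Hat's or the Samba project's code). It goes slightly beyond the text by also accepting the `min protocol` synonym; it assumes SMB1 is permitted when the parameter is unset, does not follow `include` directives, and uses constructed sample configs.

```python
import re

# Values of "server min protocol" that exclude every SMB1 dialect.
SMB2_OR_LATER = {"SMB2", "SMB2_02", "SMB2_10", "SMB2_22", "SMB2_24",
                 "SMB3", "SMB3_00", "SMB3_02", "SMB3_10", "SMB3_11"}
# Assumption: when the parameter is absent, the server still accepts SMB1.
ASSUMED_DEFAULT = "LANMAN1"

def _norm(name):
    # Samba ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def server_min_protocol(conf_text):
    """Return the effective [global] 'server min protocol', upper-cased."""
    # Assumption: lines before the first section header count as global.
    section, value = "global", ASSUMED_DEFAULT
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = _norm(header.group(1))
            continue
        if section == "global" and "=" in line:
            key, _, val = line.partition("=")
            if _norm(key) in ("serverminprotocol", "minprotocol"):
                value = val.strip().upper()  # a later assignment overrides
    return value

def smb1_allowed(conf_text):
    # Fail closed: anything not known to be SMB2 or later counts as exposed.
    return server_min_protocol(conf_text) not in SMB2_OR_LATER

# Constructed sample configs (not taken from the advisory).
HARDENED = "[global]\n  workgroup = EXAMPLE\n  Server Min  Protocol = smb2\n"
WEAK = ("[global]\n  workgroup = EXAMPLE\n; server min protocol = SMB2\n"
        "[share]\n  server min protocol = SMB2\n")

if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, server_min_protocol(conf), "SMB1 allowed:", smb1_allowed(conf))
```

Running it on the output of `testparm -s` instead of the raw file also covers settings pulled in through `include`.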
