Samba vulnerability (CVE-2017-7494) "SambaCry"

Robert Leong -

Scope

Venice and Linux-based servers.

Samba 3.5.0 onwards.

Fixes

Rohde & Schwarz patch for RHEL 6.2, 6.4 and 6.5, which also upgrades Samba to version 4.2.10.

(19-Sep-2017 update)
www.dvsus.com/gold/venice/SambaCryFix_RHEL6.tgz
www.dvsus.com/gold/venice/TechNote_SambaCry_en_1_1.pdf

or

3rd party upgrade to Samba 4.6.4/4.5.10/4.4.14 and higher.

Workaround

If the patch cannot be applied, you may apply the workaround described at the link below. This config change prevents the use of named pipes, which should not harm the Venice workflows.

https://www.samba.org/samba/security/CVE-2017-7494.html

The smb.conf file is in /etc/samba/ and you'll need root permissions to edit it. Restart the Samba service after making the change.

To identify your installed Samba version:

# smbd -V
Version 3.6.6

Restart Samba

# service smb restart
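
An added example (not from the original article or from Rohde & Schwarz): a shell audit that classifies `smbd -V` output against the versions listed above and checks that the named-pipe workaround from the linked Samba advisory, `nt pipe support = no` in `[global]`, is actually in effect. The function names and the sample smb.conf content are assumptions constructed for illustration.

```shell
# Added example (not vendor code): offline checks for CVE-2017-7494 status.

# Classify an `smbd -V` string against the upstream releases named on this
# page. Prints: not-affected | fixed | affected-range
classify_samba_version() {
    ver=$(printf '%s\n' "$1" | sed -e 's/^Version //' -e 's/-.*$//')
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    pat=${pat%%[!0-9]*}; pat=${pat:-0}
    n=$((maj * 10000 + min * 100 + pat))
    fixed_pat=
    case "$maj.$min" in
        4.4) fixed_pat=14 ;;
        4.5) fixed_pat=10 ;;
        4.6) fixed_pat=4 ;;
    esac
    if [ "$n" -lt 30500 ]; then echo not-affected
    elif [ -n "$fixed_pat" ] && [ "$pat" -ge "$fixed_pat" ]; then echo fixed
    elif [ "$n" -ge 40700 ]; then echo fixed
    # Vendor builds in this range (such as the 4.2.10 package on this page)
    # can carry a backported fix: confirm with `rpm -qa`, not the number alone.
    else echo affected-range; fi
}

# Succeed only if [global] sets "nt pipe support" to a false value. Commented
# lines and settings under a share section do not count; the last one wins.
has_pipe_workaround() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { s = tolower($0); gsub(/[ \t]/, "", s)
                      in_global = (s ~ /^\[global\]/); next }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = tolower(substr($0, index($0, "=") + 1))
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "ntpipesupport") off = (val ~ /^(no|false|off|0)$/)
        }
        END { exit (off ? 0 : 1) }
    ' "$1"
}

# Constructed sample: the setting is commented out in [global] and appears
# only under a share, so the workaround is not in effect.
sample=$(mktemp)
printf '%s\n' '[global]' ';  nt pipe support = no' \
    '[media]' '   nt pipe support = no' > "$sample"
has_pipe_workaround "$sample" && echo "workaround active" || echo "NOT active"
classify_samba_version "Version 3.5.10-114.el6"
rm -f "$sample"
```

On a live host, call `has_pipe_workaround /etc/samba/smb.conf` and `classify_samba_version "$(smbd -V)"` as root after the restart.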

Alternate Method

Manually back up smb.conf, move the repo files out of the way, identify which Samba packages are presently installed, remove them, run the install script, then restore smb.conf.

# cp /etc/samba/smb.conf /etc/samba/smb.conf.backup
# mkdir /etc/yum.repos.d/back1
# mv /etc/yum.repos.d/*.repo* /etc/yum.repos.d/back1/
# rpm -qa | grep -i samba
# yum remove samba-common
# yum remove samba
# yum remove samba-winbind-clients
# ./SambaCryFix_RHEL6.sh
# cp /etc/samba/smb.conf.backup /etc/samba/smb.conf

Alternate Method session example

Before update:

# uname -a
Linux mds1-120140002 2.6.32-220.7.1.el6.x86_64 #1 SMP Fri Feb 10 15:22:22 EST 2012 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/issue
Red Hat Enterprise Linux Server release 6.2 (Santiago)
Kernel \r on an \m

# smbd -V
Version 3.5.10-114.el6

# rpm -qa | grep -i samba
samba-client-3.5.10-114.el6.x86_64
samba-common-3.5.10-114.el6.x86_64
samba-3.5.10-114.el6.x86_64
samba-winbind-3.5.10-114.el6.x86_64
samba-winbind-clients-3.5.10-114.el6.x86_64


Remove the currently installed Samba packages:

# yum remove samba-common
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package samba-common.x86_64 0:3.5.10-114.el6 will be erased
--> Processing Dependency: samba-common = 3.5.10-114.el6 for package: samba-winbind-3.5.10-114.el6.x86_64
--> Processing Dependency: samba-common = 3.5.10-114.el6 for package: samba-client-3.5.10-114.el6.x86_64
--> Running transaction check
---> Package samba-client.x86_64 0:3.5.10-114.el6 will be erased
---> Package samba-winbind.x86_64 0:3.5.10-114.el6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================================================================================================
 Package                     Arch                 Version                      Repository                                                             Size
===========================================================================================================================================================
Removing:
 samba-common                x86_64               3.5.10-114.el6               @anaconda-RedHatEnterpriseLinux-201111171049.x86_64/6.2                47 M
Removing for dependencies:
 samba-client                x86_64               3.5.10-114.el6               @anaconda-RedHatEnterpriseLinux-201111171049.x86_64/6.2                41 M
 samba-winbind               x86_64               3.5.10-114.el6               @anaconda-RedHatEnterpriseLinux-201111171049.x86_64/6.2                12 M

Transaction Summary
===========================================================================================================================================================
Remove        3 Package(s)

Installed size: 100 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
** Found 1 pre-existing rpmdb problem(s), 'yum check' output follows:
Lib_Utils-1.00-09.noarch is a duplicate with Lib_Utils-1.00-07.noarch
  Erasing    : samba-winbind-3.5.10-114.el6.x86_64                                                                                                     1/3 
  Erasing    : samba-client-3.5.10-114.el6.x86_64                                                                                                      2/3 
  Erasing    : samba-common-3.5.10-114.el6.x86_64                                                                                                      3/3 
warning: /etc/samba/smb.conf saved as /etc/samba/smb.conf.rpmsave
Installed products updated.

Removed:
  samba-common.x86_64 0:3.5.10-114.el6                                                                                                                     

Dependency Removed:
  samba-client.x86_64 0:3.5.10-114.el6                                        samba-winbind.x86_64 0:3.5.10-114.el6                                       

Complete!

And

# yum remove samba
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:3.5.10-114.el6 will be erased
--> Finished Dependency Resolution
Repository InstallMedia is listed more than once in the configuration

Dependencies Resolved

============================================================================================================================================================
 Package                         Arch                             Version                                     Repository                               Size
============================================================================================================================================================
Removing:
 samba                           x86_64                           3.5.10-114.el6                              @InstallMedia                            17 M

Transaction Summary
============================================================================================================================================================
Remove        1 Package(s)

Installed size: 17 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Erasing    : samba-3.5.10-114.el6.x86_64                                                                                                              1/1 
Installed products updated.

Removed:
  samba.x86_64 0:3.5.10-114.el6                                                                                                                             

Complete!

And

# yum remove samba-winbind-clients
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package samba-winbind-clients.x86_64 0:3.5.10-114.el6 will be erased
--> Processing Dependency: libwbclient.so.0()(64bit) for package: libsmbclient-3.5.10-114.el6.x86_64
--> Processing Dependency: samba-winbind-clients = 3.5.10-114.el6 for package: libsmbclient-3.5.10-114.el6.x86_64
--> Running transaction check
---> Package libsmbclient.x86_64 0:3.5.10-114.el6 will be erased
--> Processing Dependency: libsmbclient.so.0()(64bit) for package: gnome-vfs2-smb-2.24.2-6.el6.x86_64
--> Processing Dependency: libsmbclient.so.0()(64bit) for package: gvfs-smb-1.4.3-12.el6.x86_64
--> Processing Dependency: libsmbclient >= 3.0.8-0.pre1.3 for package: gnome-vfs2-smb-2.24.2-6.el6.x86_64
--> Running transaction check
---> Package gnome-vfs2-smb.x86_64 0:2.24.2-6.el6 will be erased
---> Package gvfs-smb.x86_64 0:1.4.3-12.el6 will be erased
--> Finished Dependency Resolution
Repository InstallMedia is listed more than once in the configuration

Dependencies Resolved

============================================================================================================================================================
 Package                           Arch               Version                     Repository                                                           Size
============================================================================================================================================================
Removing:
 samba-winbind-clients             x86_64             3.5.10-114.el6              @anaconda-RedHatEnterpriseLinux-201111171049.x86_64/6.2             3.4 M
Removing for dependencies:
 gnome-vfs2-smb                    x86_64             2.24.2-6.el6                @anaconda-RedHatEnterpriseLinux-201111171049.x86_64/6.2              32 k
 gvfs-smb                          x86_64             1.4.3-12.el6                @anaconda-RedHatEnterpriseLinux-201111171049.x86_64/6.2             302 k
 libsmbclient                      x86_64             3.5.10-114.el6              @anaconda-RedHatEnterpriseLinux-201111171049.x86_64/6.2             6.4 M

Transaction Summary
============================================================================================================================================================
Remove        4 Package(s)

Installed size: 10 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Erasing    : gnome-vfs2-smb-2.24.2-6.el6.x86_64                                                                                                       1/4 
  Erasing    : gvfs-smb-1.4.3-12.el6.x86_64                                                                                                             2/4 
  Erasing    : libsmbclient-3.5.10-114.el6.x86_64                                                                                                       3/4 
  Erasing    : samba-winbind-clients-3.5.10-114.el6.x86_64                                                                                              4/4 
Installed products updated.

Removed:
  samba-winbind-clients.x86_64 0:3.5.10-114.el6                                                                                                             

Dependency Removed:
  gnome-vfs2-smb.x86_64 0:2.24.2-6.el6                 gvfs-smb.x86_64 0:1.4.3-12.el6                 libsmbclient.x86_64 0:3.5.10-114.el6                

Complete!

Run the install script

# ./SambaCryFix_RHEL6.sh 
This script will uninstall all old Samba packages from your system. Afterwards it will install a new version of Samba 4.
Continue? [y/n] y
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
Cleaning repos: samba4-fix
Cleaning up Everything
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
samba4-fix                                                                                                                           | 2.9 kB     00:00 ... 
samba4-fix/filelists_db                                                                                                              | 154 kB     00:00 ... 
samba4-fix/primary_db                                                                                                                | 218 kB     00:00 ... 
samba4-fix/other_db                                                                                                                  | 118 kB     00:00 ... 
Metadata Cache Created
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package samba4.x86_64 0:4.2.10-10.el6_9 will be installed
--> Processing Dependency: samba4-libs = 4.2.10-10.el6_9 for package: samba4-4.2.10-10.el6_9.x86_64
--> Processing Dependency: samba4-common = 4.2.10-10.el6_9 for package: samba4-4.2.10-10.el6_9.x86_64
--> Processing Dependency: libxattr-tdb-samba4.so(SAMBA_4.2.10)(64bit) for package: samba4-4.2.10-10.el6_9.x86_64

...........

Cleaning repos: InstallMedia
Cleaning up Everything
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
Repository InstallMedia is listed more than once in the configuration
InstallMedia                                                                                                                         | 4.1 kB     00:00 ... 
InstallMedia/group_gz                                                                                                                | 211 kB     00:00 ... 
InstallMedia/filelists_db                                                                                                            | 3.3 MB     00:00 ... 
InstallMedia/primary_db                                                                                                              | 3.1 MB     00:00 ... 
InstallMedia/other_db                                                                                                                | 1.4 MB     00:00 ... 
Metadata Cache Created
Please try to get access via Windows-Explorer to your shares. Furthermore please take a look to SANREMO
if it is installed ony your system.

# smbd -V
Version 4.2.10