====================================================================
== Subject:     Use-after-free vulnerability.
==
== CVE ID#:     CVE-2017-14746
==
== Versions:    All versions of Samba from 4.0.0 onwards.
==
== Summary:     A client may use an SMB1 request to manipulate
==              the contents of heap space.
==
====================================================================

===========
Description
===========

All versions of Samba from 4.0.0 onwards are vulnerable to a
use-after-free vulnerability, where a malicious SMB1 request can be
used to control the contents of heap memory via a deallocated heap
pointer. It is possible this may be used to compromise the SMB server.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.7.3, 4.6.11 and 4.5.15 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

==========
Workaround
==========

Prevent SMB1 access to the server by adding the parameter:

server min protocol = SMB2

to the [global] section of your smb.conf and restart smbd. This
prevents any SMB1 access to the server. Note that this could cause
older clients to be unable to connect to the server.

=======
Credits
=======

This problem was found by Yihan Lian and Zhibin Hu of Qihoo 360
GearTeam. Jeremy Allison of Google and the Samba Team provided the
fix.
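
An added example, not part of the Samba advisory: a Python check for the
Workaround and Patch Availability sections above. It reports whether the
[global] section of an smb.conf text blocks SMB1 and compares a version string
against the three security releases. The function names and sample files are
constructed for illustration; include files are not followed.

```python
import re

# Security releases named in the advisory, keyed by release series.
FIXED = {(4, 7): 3, (4, 6): 11, (4, 5): 15}

# Constructed sample smb.conf texts (not from the advisory).
SAMPLE_HARDENED = "[global]\n   workgroup = EXAMPLE\n   Server Min Protocol = smb2\n"
SAMPLE_UNSET = "[global]\n   workgroup = EXAMPLE\n; server min protocol = SMB2\n"


def global_min_protocol(conf_text):
    """Return the [global] 'server min protocol' value, or None if unset."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = re.sub(r"\s+", "", header.group(1)).lower()
            continue
        if section == "global" and "=" in line:
            key, val = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names;
            # 'min protocol' is a synonym of 'server min protocol'.
            name = re.sub(r"\s+", "", key).lower()
            if name in ("serverminprotocol", "minprotocol"):
                value = val.strip().upper()  # a later assignment overrides
    return value


def smb1_blocked(conf_text):
    """True only if the minimum is explicitly an SMB2 or SMB3 dialect.
    Assumption: an unset or unrecognised value is reported as SMB1 allowed."""
    value = global_min_protocol(conf_text)
    return value is not None and value.startswith(("SMB2", "SMB3"))


def needs_update(version):
    """True if older than the security release for its series, False if not,
    None if the advisory names no release for that series (check for a patch).
    A vendor package may carry the patch without a version bump."""
    major, minor, patch = map(int, re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    fixed_patch = FIXED.get((major, minor))
    return None if fixed_patch is None else patch < fixed_patch


if __name__ == "__main__":
    for label, conf in (("hardened", SAMPLE_HARDENED), ("unset", SAMPLE_UNSET)):
        print(label, "SMB1 blocked:", smb1_blocked(conf))
    print("4.6.10 needs update:", needs_update("4.6.10"))
```

The configuration check only reflects the file contents; smbd must be restarted
for the setting to take effect, as the workaround states.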