Insecure library loading in samba (Alpine package)



Published: 2017-05-25 | Updated: 2023-03-01
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2017-7494
CWE-ID: CWE-426
Exploitation vector: Local network
Public exploit: Vulnerability #1 is being exploited in the wild.
Vulnerable software
samba (Alpine package)
Operating systems & Components / Operating system package or component

Vendor: Alpine Linux Development Team

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Insecure library loading

EUVDB-ID: #VU6676

Risk: Medium

CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2017-7494

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary code on a vulnerable server.

The vulnerability exists due to an insecure library loading mechanism when processing files on file shares. A remote attacker with the ability to upload a file to an SMB share can upload and execute an arbitrary shared library on the server with the privileges of the Samba process.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

samba (Alpine package): 3.5.5-r0 - 4.2.14-r2
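
To check installed packages against the range above, the following added example (not part of the original bulletin or of any Alpine tooling) compares versions numerically, so that 4.2.9 sorts below 4.2.14. It assumes the `P:`/`V:` record layout of `/lib/apk/db/installed`, treats `samba-*` sub-packages as belonging to the same package, and uses illustrative function names and constructed sample data.

```python
import re

# Affected range as stated in this bulletin for samba (Alpine package).
AFFECTED_MIN = "3.5.5-r0"
AFFECTED_MAX = "4.2.14-r2"

# Assumption: only plain "X.Y.Z-rN" versions are handled; anything else
# (for example _rc or _p suffixes) is reported for manual review.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-r(\d+)$")

# Constructed sample in the P:/V: record layout of /lib/apk/db/installed.
SAMPLE_DB = """\
P:samba
V:4.2.9-r0

P:samba-common
V:4.2.14-r3

P:samba-libs
V:4.5.0_rc1-r0
"""

def parse_version(text):
    """Turn 'X.Y.Z-rN' into ((X, Y, Z), N) so parts compare numerically."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unsupported version format: {text!r}")
    return tuple(int(p) for p in match.group(1).split(".")), int(match.group(2))

def is_affected(version):
    """True if version lies inside the bulletin's inclusive range."""
    low, high = parse_version(AFFECTED_MIN), parse_version(AFFECTED_MAX)
    return low <= parse_version(version) <= high

def audit(db_text, package="samba"):
    """Return (name, version, affected) per matching package; None = review."""
    findings = []
    for record in db_text.split("\n\n"):
        fields = dict(ln.split(":", 1) for ln in record.splitlines() if ":" in ln)
        name, version = fields.get("P", ""), fields.get("V")
        if version and (name == package or name.startswith(package + "-")):
            try:
                findings.append((name, version, is_affected(version)))
            except ValueError:
                findings.append((name, version, None))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_DB), sep="\n")
```

A result of `None` marks a version string the simplified parser does not handle; such entries need a manual comparison.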

External links

http://git.alpinelinux.org/aports/commit/?id=f50bb2548152e9b9380afe68212d3f696c0373a3
http://git.alpinelinux.org/aports/commit/?id=fdb1ee2fe180bd7643e8e92d61bb42f7e4d11913
http://git.alpinelinux.org/aports/commit/?id=3db1fe39c495486ce8c4e6f93bce8da75d9e0a10
http://git.alpinelinux.org/aports/commit/?id=c5b93ddc16cccf0e5aa939ebf89b81ce1de63c47


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
