Shulou(Shulou.com)06/01 Report--

This article is about how to analyze Samba information disclosure vulnerability SambaBleed, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

As a free software to implement SMB protocol on Linux and UNIX systems, Samba has a wide range of applications in the field of * nix.

A few days ago, security researchers at 360360 Gear Team (Lian Yihan, Hu Zhibin) found that there was a security flaw in the Samba SMB1 protocol. An attacker with write access to the Samba account could remotely disclose the memory information of the target Samba server, affecting the full version of Samba. The vulnerability number is CVE-2017-12163. After that, the Samba and Google teams provided a fix.

It is reported that this vulnerability is called SambaBleed vulnerability.

360CERT recommends that users of Samba software make security updates as soon as possible.

0x01 event influence surface

Level of influence

The risk level of vulnerability is high, and the scope of influence is wide.

Affect the version

Full version of Samba

Repair version

Samba 4.6.8,4.5.14 and 4.4.16

Details of 0x02 vulnerability

In the SMB1 protocol, the scope of the user write request is not strictly checked, which exceeds the size of the data that the user has sent, which causes the memory information of the server to be written to the file, but can not control which memory information is written. The officially provided patch defends the vulnerability by adding a judgment on the size of the requested write data before writing.

Leaked memory information:

0x03 repair scheme

1. Official patches are available in versions 4.6.7,4.5.13 and 4.4.15 of Samba. It is strongly recommended that all affected users update the official patches in a timely manner or update to the fixed version.

Patch address: https://www.samba.org/samba/history/security.html

2. Force the use of SMB2 protocol, set "server min protocol = SMB2_02" in [global] of smb.conf, and restart smbd.

The above is how to analyze the Samba information disclosure vulnerability SambaBleed, the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.