Shulou(Shulou.com)06/01 Report--

How to achieve Samba UAF and memory leak analysis, I believe that many inexperienced people do not know what to do, so this paper summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

0x00 event description Samba, as a free software to implement SMB protocol on Linux and UNIX systems, has a wide range of applications in * nix field.

In September 2017, 360 Gear Team security researchers (Lian Yihan, Hu Zhibin) discovered that there was a UAF vulnerability in the Samba SMB1 protocol, which affected the version of Samba prior to 4.0.0, and the vulnerability number was CVE-2017-14746.

On November 21, 2017, RedHat officially disclosed CVE-2017-15275, a vulnerability that could cause a memory leak and allow attackers to craft malicious requests to be sent to the affected version of the server to obtain sensitive data in memory.

SMB officially released an update package and patch for these two vulnerabilities on November 21, 2017.

360CERT strongly recommends that users of Samba software make security updates as soon as possible.

0x01 event influence surface

Level of influence

The risk level of vulnerability is high, and the scope of influence is wide.

Affect versions and products

CVE-2017-14746:

All versions of Samba from 4.0.0 onwards.

Repair version

Samba 4.7.3, 4.6.11 and 4.5.15

0x02 vulnerability details

CVE-2017-14746:

There is a use after free vulnerability in the Samba SMB1 protocol that allows information on the heap to be controlled by reallocated heap pointers, which could be used by an attacker to attack the SMB server.

CVE-2017-15275:

In Samba v3.6.0, heap memory information is leaked, where heap memory allocated by the server may be returned to the client without being purged.

Officials say there are no known vulnerabilities associated with this, but unpurged heap memory may contain previously used data, which may help attackers compromise the server in other ways. Unpurged heap memory may contain password hashes or other high-value data.

0x03 repair scheme

1. For CVE-2017-14746 and CVE-2017-15275, it is strongly recommended that all affected users update the official patch or update to the fixed version in a timely manner.

Patch address: http://www.samba.org/samba/security/

2. For CVE-2017-14746, you can use SMB2 protocol, set "server min protocol = SMB2_02" in [global] of smb.conf, and restart smbd. It should be noted that this may cause previous users to be unable to connect to the server.

After reading the above, do you know how to analyze Samba UAF and memory leaks? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.