Alert GCSA-17031 - Vulnerabilita' critica in Samba
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: Alert GCSA-17031
Data: 29 maggio 2017
Titolo: Vulnerabilita' critica in Samba
******************************************************************
:: Descrizione del problema
E' stata individuata una vulnerabilita' critica nel software Samba
che potrebbe consentire ad un utente remoto l'esecuzione di
codice arbitrario.
:: Software interessato
Tutte le versioni di Samba dalla 3.5.0 in poi
:: Impatto
Esecuzione di codice arbitrario da remoto
:: Soluzioni
Installare la seguente patch
http://www.samba.org/samba/security/
oppure aggiornare il software alle seguenti versioni
Samba 4.6.4
Samba 4.5.10
Samba 4.4.14
:: Riferimenti
Samba HomePage
https://www.samba.org/samba/security/CVE-2017-7494.html
Mitre CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494
SANS Internet Storm Center
https://isc.sans.edu/diary.html?storyid=22452
SecurityFocus
http://www.securityfocus.com/bid/98636
Red Hat
https://access.redhat.com/security/cve/CVE-2017-7494
Ubuntu
http://www.ubuntu.com/usn/usn-3296-1/
http://www.ubuntu.com/usn/usn-3296-2/
SuSE Linux
https://www.suse.com/security/cve/CVE-2017-7494/
Debian
https://www.debian.org/security/2017/dsa-3860
Slackware Security Advisories
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.513769
Kaspersky Lab Threatpost
https://threatpost.com/samba-patches-wormable-bug-exploitable-with-one-line-of-code/125915/
CERT Nazionale Italia
https://www.certnazionale.it/bollettini/2017/05/25/vulnerabilita-di-tipo-esecuzione-di-codice-da-remoto-in-samba/
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFZLDRnwZxMk2USYEIRAuc4AJ0bHxids/zKbAXkC+4pGTDKl0kkSgCg1MIs
AeUYzcwhwPN8UMDsS6FRHlI=
=1RpI
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: Alert GCSA-17031
Data: 29 maggio 2017
Titolo: Vulnerabilita' critica in Samba
******************************************************************
:: Descrizione del problema
E' stata individuata una vulnerabilita' critica nel software Samba
che potrebbe consentire ad un utente remoto l'esecuzione di
codice arbitrario.
:: Software interessato
Tutte le versioni di Samba dalla 3.5.0 in poi
:: Impatto
Esecuzione di codice arbitrario da remoto
:: Soluzioni
Installare la seguente patch
http://www.samba.org/samba/security/
oppure aggiornare il software alle seguenti versioni
Samba 4.6.4
Samba 4.5.10
Samba 4.4.14
:: Riferimenti
Samba HomePage
https://www.samba.org/samba/security/CVE-2017-7494.html
Mitre CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494
SANS Internet Storm Center
https://isc.sans.edu/diary.html?storyid=22452
SecurityFocus
http://www.securityfocus.com/bid/98636
Red Hat
https://access.redhat.com/security/cve/CVE-2017-7494
Ubuntu
http://www.ubuntu.com/usn/usn-3296-1/
http://www.ubuntu.com/usn/usn-3296-2/
SuSE Linux
https://www.suse.com/security/cve/CVE-2017-7494/
Debian
https://www.debian.org/security/2017/dsa-3860
Slackware Security Advisories
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.513769
Kaspersky Lab Threatpost
https://threatpost.com/samba-patches-wormable-bug-exploitable-with-one-line-of-code/125915/
CERT Nazionale Italia
https://www.certnazionale.it/bollettini/2017/05/25/vulnerabilita-di-tipo-esecuzione-di-codice-da-remoto-in-samba/
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFZLDRnwZxMk2USYEIRAuc4AJ0bHxids/zKbAXkC+4pGTDKl0kkSgCg1MIs
AeUYzcwhwPN8UMDsS6FRHlI=
=1RpI
-----END PGP SIGNATURE-----