New issue
Advanced search Search tips

Issue 732031 link

Starred by 1 user
Status: Archived
Owner:
ljusten@chromium.org
Closed: Jun 2017
Cc:
tnagel@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security



Sign in to add a comment

CrOS: Vulnerability reported in net-fs/samba

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Jun 10 2017 
Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: net-fs/samba
Package Version: [cpe:/a:samba:samba:4.5.3]

Advisory: CVE-2017-7494
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7494
  CVSS severity score: 10/10.0
  Confidence: high
  Description:

Samba since version 3.5.0 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

Comment 1 by mnissler@chromium.org, Jun 12 2017

Cc: tnagel@chromium.org
Labels: -ComponentOSKernel Security_Severity-High Security_Impact-None
Owner: ljusten@chromium.org
Looks like automated CVE routing does work, happy to see that :)

ljusten@, can you check whether chromad is vulnerable? I suspect not since we're not exposing shares, but I haven't looked at the vulnerability details.

Labeling impact-none, severity-high for now based on the assumption we don't expose writable shares and we're thus not exploitable. We should still make sure we pick up any patches.
Project Member

Comment 2 by bugdroid1@chromium.org, Jun 13 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/61521124df99c43f4a37d72b16645dba91a89793

commit 61521124df99c43f4a37d72b16645dba91a89793
Author: Lutz Justen <ljusten@chromium.org>
Date: Tue Jun 13 09:13:04 2017

Samba: Apply patch for CVE-2017-7494

See https://www.samba.org/samba/security/CVE-2017-7494.html for
details. The issue probably does not cause any harm to Chrome OS yet
since it is a Samba server bug and authpolicy, being the only Samba
user so far, only acts as a client.

BUG= chromium:732031 
TEST=emerge-amd64-generic samba

Change-Id: Ib2ff497d723af55d662793e0daa2bb00225ba51e
Reviewed-on: https://chromium-review.googlesource.com/531385
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Tested-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Zentaro Kavanagh <zentaro@google.com>

[add] https://crrev.com/61521124df99c43f4a37d72b16645dba91a89793/net-fs/samba/files/samba-4.5.3-fix_cve_2017_7494.patch
[rename] https://crrev.com/61521124df99c43f4a37d72b16645dba91a89793/net-fs/samba/samba-4.5.3-r8.ebuild
[modify] https://crrev.com/61521124df99c43f4a37d72b16645dba91a89793/net-fs/samba/samba-4.5.3.ebuild

Comment 3 by ljusten@chromium.org, Jun 13 2017

Status: Fixed (was: Untriaged)
Project Member

Comment 4 by sheriffbot@chromium.org, Jun 13 2017

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Project Member

Comment 5 by sheriffbot@chromium.org, Sep 19 2017

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)

Sign in to add a comment