MyCERT Advisories


MyCERT Advisories, Alerts and Summaries for the year 2017

MA-674.072017: MyCERT Advisory – Samba Releases Security Updates

Date first published: 13/07/2017


1.0 Introduction
The Samba Team has released security updates that address a vulnerability in all versions of Samba from 3.5.0 onward. 


Severity: Critical (CVE-2017-11103)
Type: Orpheus' Lyre mutual authentication validation bypass
Version: All versions of Samba from 4.0.0 onwards using embedded Heimdal Kerberos.


2.0 Impact
A remote attacker could exploit this vulnerability to take control of an affected system.


3.0 Affected Products
 All versions of Samba from 4.0.0 onwards.


4.0 Recommendations
Users and administrators are advised to review the information at the URL below and apply the necessary update:

Workaround:
Samba versions built against MIT Kerberos are not impacted. Unless
you are running Samba as an AD DC, rebuild Samba using:

 ./configure --with-system-mitkrb5
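
To see which Kerberos implementation an installed smbd is linked against before and after a rebuild, the following added example (not part of the MyCERT advisory or of Samba's own tooling) classifies `ldd` output. The library names it matches are assumptions about common Linux packaging, and the sample `ldd` lines are constructed.

```shell
#!/bin/sh
# Added example: classify the Kerberos linkage of a Samba binary from ldd output.
# Assumptions (verify on your platform):
#   - embedded Heimdal shows up as Samba-private libraries such as
#     libkrb5-samba4.so.* or libgssapi-samba4.so.*
#   - system MIT Kerberos shows up as libkrb5.so.3 or libgssapi_krb5.so.*
# Typical use on a host:  ldd "$(command -v smbd)" | classify_krb5_build

classify_krb5_build() {
    heimdal=0
    mit=0
    # Read ldd output line by line from stdin.
    while IFS= read -r line; do
        case "$line" in
            *libkrb5-samba4.so*|*libgssapi-samba4.so*) heimdal=1 ;;
            *libgssapi_krb5.so*|*libkrb5.so.3*)        mit=1 ;;
        esac
    done
    if [ "$heimdal" -eq 1 ]; then
        # Any embedded Heimdal library means the build is in the affected class.
        echo "embedded-heimdal"
    elif [ "$mit" -eq 1 ]; then
        # Build of the kind the workaround produces.
        echo "system-mit"
    else
        # Static binary, a different Kerberos library, or empty input.
        echo "unknown"
    fi
}

# Constructed sample ldd output for a build with embedded Heimdal.
SAMPLE_HEIMDAL='	libsmbd-base-samba4.so => /usr/lib/samba/libsmbd-base-samba4.so (0x00007f0000000000)
	libkrb5-samba4.so.26 => /usr/lib/samba/libkrb5-samba4.so.26 (0x00007f0000100000)
	libc.so.6 => /lib/libc.so.6 (0x00007f0000200000)'

# Constructed sample ldd output for a build against system MIT Kerberos.
SAMPLE_MIT='	libsmbd-base-samba4.so => /usr/lib64/samba/libsmbd-base-samba4.so (0x00007f0000000000)
	libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f0000100000)
	libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f0000200000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f0000300000)'

# Stand-alone run: classify both constructed samples.
printf '%s\n' "$SAMPLE_HEIMDAL" | classify_krb5_build
printf '%s\n' "$SAMPLE_MIT" | classify_krb5_build
```

A result of `unknown` is not evidence that a host is unaffected; inspect such builds by hand.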



Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


For further enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442 
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT
Cyber999 Mobile Apps: IOS Users or Android Users


5.0 References