MyCERT Advisories, Alerts and Summaries for the year 2017
MA-674.072017: MyCERT Advisory – Samba Releases Security Updates
Date first published: 13/07/2017
The Samba Team has released security updates that address a vulnerability in all versions of Samba from 3.5.0 onward.
|Critical (CVE-2017-11103)||Orpheus' Lyre mutual authentication validation bypass||All versions of Samba from 4.0.0 onwards using embedded Heimdal Kerberos.|
A remote attacker could exploit this vulnerability to take control of an affected system.
3.0 Affected Products
• All versions of Samba from 4.0.0 onwards.
Users and administrators are recommended to review the information in below URL and apply necessary update:
• Security note: https://www.samba.org/samba/security/CVE-2017-11103.html
Samba versions built against MIT Kerberos are not impacted. Unless
you are running Samba as an AD DC, then rebuild samba using:
Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT