CSIRT Panam\u00e1 Aviso 2017-05 \u2013 Aviso de Vulnerabilidad en SAMBA<\/p>\n
Gravedad: Cr\u00edtica
\nFecha de publicaci\u00f3n: 26 mayo 2017
\nFecha de modificaci\u00f3n: 26 mayo 2017
\n\u00daltima revisi\u00f3n: Revisi\u00f3n A.
\nFuente: https:\/\/www.samba.org\/samba\/history\/security.html<\/p>\n
Sistemas Afectados
\na. SAMBA 3.5.0 o superior<\/p>\n
I. Descripci\u00f3n
\nEl equipo de SAMBA a publicado actualizaciones de seguridad para
\ncorregir una vulnerabilidad que permite la ejecuci\u00f3n de c\u00f3digo
\narbitrario descrito en CVE-2017-7494.
\nSAMBA es utilizado en los sistemas operativos de GNU\/ Linux o Mac OS X
\nutilizado para compartir conexi\u00f3n de red, archivos e impresoras mediante
\nel puerto 445 con los sistemas operativos de Windows.<\/p>\n
Como contramedida el equipo de Samba recomienda a\u00f1adir el par\u00e1metro:<\/p>\n
“nt pipe support = no”<\/p>\n
a la secci\u00f3n Global de smb y reiniciar smbd.<\/p>\n
II. Impacto
\nComplejidad de Acceso: Media.
\nAutenticaci\u00f3n: No requerida para explotarla.
\nTipo de impacto: Compromiso total del sistema.<\/p>\n
III. Referencia a soluciones, herramientas e informaci\u00f3n
\na. https:\/\/www.samba.org\/samba\/history\/security.html
\nb. https:\/\/www.samba.org\/samba\/security\/CVE-2017-7494.html
\nc. http:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=2017-7494
\nd. http:\/\/blog.segu-info.com.ar\/2017\/05\/ejecucion-remota-de-codigo-en-samba.html<\/p>\n
IV. Informaci\u00f3n de contacto
\nCSIRT PANAMA
\nAutoridad Nacional para la Innovaci\u00f3n Gubernamental
\nE-Mail: info@cert.pa
\nWeb: http:\/\/www.cert.pa<\/p>\n","protected":false},"excerpt":{"rendered":"
CSIRT Panam\u00e1 Aviso 2017-05 \u2013 Aviso de Vulnerabilidad en SAMBA Gravedad: Cr\u00edtica Fecha de publicaci\u00f3n: 26 mayo 2017 Fecha de modificaci\u00f3n: 26 mayo 2017 \u00daltima revisi\u00f3n: Revisi\u00f3n A. Fuente: https:\/\/www.samba.org\/samba\/history\/security.html Sistemas Afectados a. SAMBA 3.5.0…<\/p>\n","protected":false},"author":3,"featured_media":594,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-999","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/999","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=999"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/999\/revisions"}],"predecessor-version":[{"id":1000,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/999\/revisions\/1000"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/594"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=999"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=999"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=999"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}