IBM BigFix Patch has released Fixlets to the following sites to address CVE-2017-7494, the Samba vulnerability also known as SambaCry:
- Patches for CentOS site versions: CentOS 6, CentOS 7, CentOS 6 R2, CentOS 7 R2
- Patches for OEL site versions: OEL 6 and OEL 7
- Patches for RHEL site versions: RHEL 6, RHEL 7, RHEL 7 PPC64LE, RHEL 6z RHSM, RHEL 7z RHSM
- Patches for SLE site versions: SLE 11, SLE 12, SLE 11z
- Patches for Ubuntu site versions: Ubuntu 14 and Ubuntu 16

Samba gave the following description in its advisory and advises upgrading or applying the patch as soon as possible.
“All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.”
No other action is required after applying the Fixlets.
For more information, see https://www.samba.org/samba/security/CVE-2017-7494.html.
Application Engineering team
IBM BigFix Patch