On 2017-05-26 07:38, Francisco F. wrote:
http://blog.segu-info.com.ar/2017/05/ejecucion-remota-de-codigo-en-samba.htm...
¿Algún afectado?
Ya hay parche en openSUSE. Lo que no tengo claro es si la ejecución es en Linux, o es en Windows que importe esa carpeta compartida desde Linux. ---------------------------- Hi folks, We have released Samba updates for all supported Enterprise and openSUSE versions, fixing a remote code execution possibility for authenticated users. The advisory of the Samba team is here: https://www.samba.org/samba/security/CVE-2017-7494.html There is a workaround in the configuration listed, also some impact can be avoided if the writeable share is "noexec" mounted and/or protected using the generated AppArmor share profiles on newer products. SUSE recommends to install these updates as soon as possible. Ciao, Marcus -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))