CVE-2017-7494 – Samba vulnerability

Vulnerability alert (CVE-2017-7494)

All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.

Manual fix/Workaround

Add the parameter:
nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This
prevents clients from accessing any named pipe endpoints. Note this
can disable some expected functionality for Windows clients.
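A small check for the workaround above, written as an added example (it is not code from the original post or from the Samba project). It parses an smb.conf the way smbd reads parameter names (case-insensitive, whitespace ignored, later values win), reports whether [global] has "nt pipe support = no", and lists the writable shares, since the vulnerability needs one to drop the library. The two smb.conf fragments are constructed samples, and the function names are my own.

```python
import re

# Constructed sample smb.conf fragments (not from the original post):
# one without the workaround and one with it applied in [global].
SMBCONF_UNPATCHED = """\
[global]
   workgroup = WORKGROUP
   server string = Samba Server
[public]
   path = /srv/samba/public
   writable = yes
[readonly-docs]
   path = /srv/samba/docs
   read only = yes
"""

SMBCONF_WORKAROUND = """\
[global]
   workgroup = WORKGROUP
   ; CVE-2017-7494 workaround
   nt pipe support = no
[public]
   path = /srv/samba/public
   writable = yes
"""

_SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]$")
_PARAM_RE = re.compile(r"^(?P<key>[^=;#][^=]*?)\s*=\s*(?P<value>.*)$")
_TRUE = ("yes", "true", "1")
_FALSE = ("no", "false", "0")


def _normalize_key(key):
    # Samba parameter names are case-insensitive and ignore internal whitespace,
    # so "NT Pipe Support" and "ntpipesupport" name the same parameter.
    return re.sub(r"\s+", "", key).lower()


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {normalized_key: value}}.

    Comments (';' or '#') and blank lines are skipped; when a key is set
    twice in one section the later value wins, as it does in smbd.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        m = _SECTION_RE.match(line)
        if m:
            current = m.group("name").strip().lower()
            sections.setdefault(current, {})
            continue
        m = _PARAM_RE.match(line)
        if m and current is not None:
            sections[current][_normalize_key(m.group("key"))] = m.group("value").strip()
    return sections


def nt_pipe_support_disabled(text):
    """True when [global] carries 'nt pipe support = no' (the post's workaround).

    smbd's default is 'yes', so a missing parameter counts as enabled.
    """
    conf = parse_smb_conf(text)
    return conf.get("global", {}).get("ntpipesupport", "yes").lower() in _FALSE


def _share_is_writable(params, defaults):
    # 'writable', 'writeable' and 'write ok' are synonyms; 'read only' is the
    # inverse; Samba's default is read-only. [global] values act as defaults
    # for every share, and within a section the last setting wins.
    writable = False
    for source in (defaults, params):
        for key, value in source.items():
            if key in ("writable", "writeable", "writeok"):
                writable = value.lower() in _TRUE
            elif key == "readonly":
                writable = value.lower() in _FALSE
    return writable


def writable_shares(text):
    """Names of shares a client could write to, i.e. the ones that matter for
    this vulnerability, which needs a writable share to place the library."""
    conf = parse_smb_conf(text)
    defaults = conf.get("global", {})
    return [name for name, params in conf.items()
            if name != "global" and _share_is_writable(params, defaults)]


if __name__ == "__main__":
    for label, conf in (("unpatched", SMBCONF_UNPATCHED), ("workaround", SMBCONF_WORKAROUND)):
        print(label, "nt pipe support disabled:", nt_pipe_support_disabled(conf),
              "writable shares:", writable_shares(conf))
```

Run it against the text of /etc/samba/smb.conf to see whether the workaround is in place before the patched package arrives; a host with the parameter set but writable shares still listed is expected, since the workaround blocks the named-pipe path rather than the upload.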

 


One more second (leap second) – 2017

Counting down to 2017 will take one more second, i.e.

After 23:59:59 on 31 December, it will be 23:59:60

Leap seconds are a periodic one-second adjustment of Coordinated Universal Time (UTC) that keeps a system's time of day close to mean solar time.

However, the Earth’s rotation speed varies in response to climatic and geological events, and due to this, UTC leap seconds are irregularly spaced and unpredictable.


For systems (Red Hat 4/5/6/7) not synchronized by ntpd or PTP, an updated tzdata package that contains the December 31st leap second is required.

patch:

tzdata-2016g-2.el4 (redhat 4)

tzdata-2016g-2.el5 (redhat 5)

tzdata-2016g-2.el6 (redhat 6)

tzdata-2016g-2.el7 (redhat 7)
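To turn the rule above into a check, here is an added example (not code from the post or from Red Hat) that parses the installed tzdata package name as `rpm -q tzdata` prints it, compares it with the minimum release listed for that Red Hat version, and decides whether the host needs the update or is covered by ntpd/PTP. tzdata versions are a year plus a letter, so 2016g is newer than 2016c; the function names and the sample package names in `__main__` are my own.

```python
import re

# Minimum tzdata package for each Red Hat release, as listed in the post.
REQUIRED_TZDATA = {
    4: "tzdata-2016g-2.el4",
    5: "tzdata-2016g-2.el5",
    6: "tzdata-2016g-2.el6",
    7: "tzdata-2016g-2.el7",
}

# Matches the name-version-release of an rpm such as "tzdata-2016g-2.el6" or
# the "tzdata-2016g-2.el6.noarch" form that `rpm -q tzdata` prints.
_NVR_RE = re.compile(
    r"^tzdata-(?P<year>\d{4})(?P<letter>[a-z])-(?P<rel>\d+)\.el(?P<el>\d+)"
)


def parse_tzdata_nvr(nvr):
    """Split 'tzdata-2016g-2.el6' into ((2016, 'g'), 2, 6).

    tzdata versions order by year, then letter: 2016a < 2016g < 2017a,
    which a tuple comparison reproduces.
    """
    m = _NVR_RE.match(nvr.strip())
    if not m:
        raise ValueError(f"not a tzdata package name: {nvr!r}")
    return (
        (int(m.group("year")), m.group("letter")),
        int(m.group("rel")),
        int(m.group("el")),
    )


def tzdata_has_leap_second(installed_nvr):
    """True when the installed tzdata is at least the release the post names
    for that Red Hat version (the one carrying the 2016-12-31 leap second)."""
    version, rel, el = parse_tzdata_nvr(installed_nvr)
    if el not in REQUIRED_TZDATA:
        raise ValueError(f"no required tzdata known for el{el}")
    req_version, req_rel, _ = parse_tzdata_nvr(REQUIRED_TZDATA[el])
    return (version, rel) >= (req_version, req_rel)


def leap_second_status(installed_nvr, synced_by_ntpd_or_ptp):
    """Apply the post's rule: hosts synchronised by ntpd or PTP get the leap
    second from their time source; the rest need the updated tzdata package."""
    if synced_by_ntpd_or_ptp:
        return "ok: leap second handled by ntpd/ptp"
    if tzdata_has_leap_second(installed_nvr):
        return "ok: tzdata carries the 2016-12-31 leap second"
    _version, _rel, el = parse_tzdata_nvr(installed_nvr)
    return f"update tzdata to {REQUIRED_TZDATA[el]} or later"


if __name__ == "__main__":
    # Constructed sample inputs (not taken from a real host).
    for nvr, synced in (("tzdata-2016c-1.el6.noarch", False),
                        ("tzdata-2016g-2.el7.noarch", False),
                        ("tzdata-2016c-1.el6.noarch", True)):
        print(nvr, "->", leap_second_status(nvr, synced))
```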

How to Fix Heartbleed Vulnerability in CentOS 6.x

Heartbleed is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f.

It allows an attacker to read 64-kilobyte chunks of memory from servers and clients that connect using SSL, through a flaw in OpenSSL's implementation of the TLS heartbeat extension.

The 64K is enough to steal passwords and server certificate private keys – information that can be used to let malicious services masquerade as genuine ones.

If you have an affected server, run yum update to update the openssl package, then reboot the system.

Must have:

It is recommended that you regenerate all SSH keys and reset all passwords across the affected server.

Note:
This vulnerability does not affect CentOS 5.x servers using OpenSSL 0.9.8; that older branch never contained the Heartbleed bug.
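As an added example (not code from the post or from the OpenSSL project), the check below classifies the output of `openssl version` against the affected range the post gives, 1.0.1 through 1.0.1f, and treats the 0.9.8 branch as unaffected, as the note above says. The sample banners are constructed in the shape that command prints, and the function names are my own. The caveat it encodes: CentOS backports fixes without changing the upstream version number, so a CentOS 6 host can report 1.0.1e both before and after the fix, and an in-range version means "verify the package", not "definitely vulnerable".

```python
import re

# Affected upstream range from the post: OpenSSL 1.0.1 through 1.0.1f.
VULN_FIRST = (1, 0, 1, "")   # 1.0.1 (no letter suffix)
VULN_LAST = (1, 0, 1, "f")   # 1.0.1f

# Matches the version field of `openssl version`, e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013".
_VER_RE = re.compile(r"OpenSSL\s+(?P<maj>\d+)\.(?P<min>\d+)\.(?P<pat>\d+)(?P<let>[a-z]*)")

# Constructed sample banners in the shape `openssl version` prints (not captured from real hosts).
SAMPLE_BANNERS = [
    "OpenSSL 1.0.1e-fips 11 Feb 2013",        # CentOS 6.x style string
    "OpenSSL 1.0.1g 7 Apr 2014",              # first upstream release with the fix
    "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008",  # CentOS 5.x style string
]


def parse_openssl_version(banner):
    """Turn 'OpenSSL 1.0.1e-fips 11 Feb 2013' into (1, 0, 1, 'e').

    OpenSSL letter suffixes sort alphabetically and a missing letter comes
    first ('' < 'a'), so tuple comparison gives 1.0.1 < 1.0.1a < 1.0.1f.
    """
    m = _VER_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised openssl banner: {banner!r}")
    return (int(m.group("maj")), int(m.group("min")), int(m.group("pat")), m.group("let"))


def upstream_version_vulnerable(banner):
    """True when the upstream version number lies in 1.0.1 .. 1.0.1f."""
    return VULN_FIRST <= parse_openssl_version(banner) <= VULN_LAST


def classify(banner):
    """Map a banner to the action a CentOS admin needs.

    Enterprise distributions backport security fixes without bumping the
    upstream version, so an in-range version is a prompt to check the
    package, not proof of exposure. The 0.9.8 branch never had the
    heartbeat flaw, as the post notes for CentOS 5.x.
    """
    v = parse_openssl_version(banner)
    if v[:3] == (0, 9, 8):
        return "not affected: 0.9.8 branch never contained the heartbeat flaw"
    if upstream_version_vulnerable(banner):
        return ("upstream version in affected range: run yum update for openssl, "
                "confirm the fix in the package changelog, then reboot")
    return "outside the affected range described in the post"


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(banner, "->", classify(banner))
```

On a CentOS 6.x host the banner stays at 1.0.1e after the update, so confirm the backported fix with `rpm -q --changelog openssl` and make sure long-running services (or the whole system, as the post suggests) are restarted so the old library is no longer mapped.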