/build/static/layout/Breadcrumb_cap_w.png

Blog Posts by Shootifitmoves

Ask a question

K1000 and K2000 SAMBA remote code execution vulnerability

According to a Nexpose scan, both our K1000 and K2000 show as vulnerable to the following SAMBA bulletin.
I have not seen anything from Quest regarding this.

https://www.samba.org/samba/security/CVE-2017-7494.html
====================================================================
== Subject:     Remote code execution from a writable share.
==
== CVE ID#:     CVE-2017-7494
==
== Versions:    All versions of Samba from 3.5.0 onwards.
==
== Summary:     Malicious clients can upload and cause the smbd server
==              to execute a shared library from a writable share.
==
====================================================================

===========
Description
===========

All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

==========
Workaround
==========

Add the parameter:

nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This
prevents clients from accessing any named pipe endpoints. Note this
can disable some expected functionality for Windows clients.

=======
Credits
=======

This problem was found by steelo <knownsteelo@gmail.com>. Volker
Lendecke of SerNet and the Samba Team provided the fix.

View comments (2)

KACE K1000 Script to uninstall all versions of iTunes

I discovered that the K1000 msi configuration policy uninstaller fails to work for iTunes version 12 (it worked for 11, why it no longer works, I don't know).
When I ran the script created by the policy, it ran successfully (so it said), but inventory showed iTunes still installed. Bummer.
So I turned to the old standby, VBScript to uninstall it.
Here it is if anyone needs it:
On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set WshShell = CreateObject("wscript.Shell")

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys

For Each subkey In arrSubKeys
strDisplayName = WshShell.RegRead ("HKLM\" & strKeyPath & "\" & subkey & "\DisplayName")
If strDisplayName = "iTunes" Then
WshShell.Run "msiexec.exe /X " & SubKey & " /qn", 7, True
End If
Next

Be the first to comment

How to deploy Java JRE7u5 32 bit to 64 bit machines as system account using KACE

Situation:

Trying to install Java JRE1.7.0_05 using a K1000 appliance fails.

Running the application manually as system using psexec or other means also fails.

Workaround:

Start the jre-7u5-windows-i586.exe program manually.  Browse to where it has extracted the temp files (C:\users\<someuserprofile>\appdata\locallow\sun or similar).

Zip together the jre1.7.0_05.msi and Data1.cab files (you can cancel the started installation after this).  Associate the zip file with the jre1.7.0_05 software resource in the K1000.

Click on the Scripting menu, then the Configuration Policy tab, and select MSI Installer Wizard.

Action:               Install

Software:           Java(TM) 7 Update 5 (7.0.50)

User interaction: Silent

ALLUSERS=1:    Checked

After Install:       Delete Files

Logging:            Error Messages

Log File Name:    Whateveryou want.log

View comments (5)
Showing 1 - 3 of 3 results

Top Contributors

Talk About Software Deployment