=Start=
缘由:
Samba是在Linux和UNIX系统上实现SMB协议的一个软件。2017年5月24日Samba发布了4.6.4版本,修复了一个严重的远程代码执行漏洞,漏洞编号CVE-2017-7494,漏洞影响了Samba 3.5.0 之后到4.6.4/4.5.10/4.4.14中间的所有版本。
正文:
参考解答:
一、在CentOS上安装 Samba 进行测试
# 源码安装
$ wget https://download.samba.org/pub/samba/stable/samba-4.6.4.tar.gz && tar zxf samba-4.6.4.tar.gz && cd samba-4.6.4$ ./configure && make && sudo make install |
# 用RPM方式进行安装(CentOS6 & CentOS7)
https://www.howtoforge.com/centos-6.4-samba-standalone-server-with-tdbsam-backend
https://rbgeek.wordpress.com/2012/05/25/how-to-install-samba-server-on-centos-6/
https://www.cnblogs.com/mchina/archive/2012/12/18/2816717.html
http://sharadchhetri.com/2013/02/17/how-to-install-and-configure-samba-server-in-centos-6/
https://www.howtoforge.com/samba-server-installation-and-configuration-on-centos-7
# yum install cups-libs samba samba-common# smbd -V# ps aux | grep smbd# /etc/init.d/smb restart# ps aux | grep smbd |
二、检测服务器上正在运行的Samba的版本
步骤一:检测Samba是否已经安装# rpm -qa | grep samba# dpkg -l | grep samba# 或# which smbd# which smbstatus# 或# find / -executable -name samba步骤二:检测Samba是否正在运行# ps aux | grep smbd步骤三:检测Samba的版本# smbstatus# /usr/local/samba/bin/smbd -D |
参考链接:
[Samba] How to check which current version you’re running ????
https://lists.samba.org/archive/samba/2002-July/047123.html
https://serverfault.com/questions/122025/how-do-i-view-what-version-of-samba-i-am-running-for-my-domain-controler
https://support.symantec.com/en_US/article.TECH9222.html
https://unix.stackexchange.com/questions/121823/how-to-check-if-samba-is-installed
【国际资讯】CVE-2017-7494:Linux版“永恒之蓝”远程代码执行漏洞预警
http://bobao.360.cn/news/detail/4180.html
【高危预警】Samba远程代码执行漏洞(CVE-2017-7494)分析
http://bobao.360.cn/learning/detail/3900.html
https://arstechnica.com/security/2017/05/a-wormable-code-execution-bug-has-lurked-in-samba-for-7-years-patch-now/
http://www.samba.org/samba/security/
=END=
《 “Linux下如何检测运行中Samba的版本” 》 有 3 条评论
Samba 3.5.0 – Remote Code Execution Python 版本测试代码
https://www.exploit-db.com/exploits/42060/
【漏洞分析】Samba远程代码执行漏洞(CVE-2017-7494)-SambaCry分析报告
http://bobao.360.cn/learning/detail/3915.html
漏洞预警|Samba远程代码执行漏洞,影响7年前版本
http://www.freebuf.com/vuls/135624.html
[漏洞分析]Samba远程代码执行漏洞(CVE-2017-7494)分析
https://xianzhi.aliyun.com/forum/read/1728.html
https://www.samba.org/samba/history/security.html
LinuxFlaw – 大量 Linux 软件漏洞整理收集
https://github.com/VulnReproduction/LinuxFlaw