漏洞背景:Samba是在Linux和UNIX系統上實現SMB協議的一個軟件,2017年5月24日Samba發佈了4.6.4版本,中間修復了一個嚴重的遠程代碼執行漏洞,漏洞編號CVE-2017-7494,漏洞影響了Samba 3.5.0 之後到4.6.4/4.5.10/4.4.14中間的所有版本,,確認屬於嚴重漏洞,可以造成遠程代碼執行。
環境準備
×××機:kali2018
靶機:Centos6.5(samba 3.6.9)
靶機部分:
[root@root ~]# yum install samba -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* c6-media:
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:3.6.9-164.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================
Package Arch Version Repository Size
===========================================================================================================
Installing:
samba x86_64 3.6.9-164.el6 c6-media 5.0 M
Transaction Summary
===========================================================================================================
Install 1 Package(s)
Total download size: 5.0 M
Installed size: 18 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Installing : samba-3.6.9-164.el6.x86_64 1/1
Verifying : samba-3.6.9-164.el6.x86_64 1/1
Installed:
samba.x86_64 0:3.6.9-164.el6
Complete!
[root@root ~]#
編輯samba配置文件
[root@root ~]# vim /etc/samba/smb.conf
在文件末尾處添加以下部分 開啓匿名訪問
[public]
writeable = yes
path = /etc/public
public = yes
創建匿名目錄
[root@root ~]# mkdir /etc/public
[root@root ~]# chmod 777 /etc/public
重啓samba服務
[root@root ~]# service smb restart
Shutting down SMB services: [ OK ]
Starting SMB services: [ OK ]
[root@root ~]#
關閉防火牆 selinux
[root@root ~]# service iptables stop
[root@root ~]# setenforce 0
×××機部分: