Security Bulletin: Samba vulnerability affects IBM SONAS (CVE-2017-9461)

Summary

IBM SONAS is shipped with Samba, for which a fix is available for security vulnerability.

Vulnerability Details

Samba is used in IBM SONAS to enable file management and authentication services for Microsoft Windows environments.

CVEID: CVE-2017-9461**
DESCRIPTION:** Samba is vulnerable to a denial of service, caused by improper handling of dangling symlinks in smbd. A remote attacker could exploit this vulnerability to cause a fd_open_atomic infinite loop with high CPU usage and memory consumption on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126916 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM SONAS
The product is affected when running a code releases 1.5.0.0 to 1.5.2.7

Remediation/Fixes

A fix for this issue is in version 1.5.2.8 of IBM SONAS. Customers running an affected version of SONAS should upgrade to 1.5.2.8 or a later version, so that the fix gets applied.

Please contact IBM support for assistance in upgrading your system.

Workarounds and Mitigations

Mitigation(s): Ensure that all users who have access to the system are authenticated by another security system such as a firewall.