MikroTik RouterOS SMB buffer overflow

2018-04-02T00:00:00
ID SAINT:B286E0668612E50B6EDE4736AA55189C
Type saint
Reporter SAINT Corporation
Modified 2018-04-02T00:00:00

Description

Added: 04/02/2018
CVE: CVE-2018-7445
BID: 103427

Background

RouterOS is a Linux-based operating system used by MikroTik devices.

Problem

A buffer overflow in the SMB service could allow a remote, unauthenticated attacker to execute arbitrary commands.

Resolution

Upgrade to RouterOS 6.41.3 or higher, or disable the SMB service.

References

<http://seclists.org/fulldisclosure/2018/Mar/38>

Platforms

Linux