BMAC wrote:
> Folks
> Linux-based servers that Rapid7 has indicated have the CVE-2017-7494
> vulnerability. The system does NOT have any shared file folders. The only
> shared Samba service is shared printers.
>
> The server vendor indicates that since the Linux-based servers ONLY have
> "shared printers" it is not vulnerable to CVE-2017-7494 and does not need
> to be patched.
>
> The system is a contained print server that only the Print vendor has
> access to the OS. We cannot access it in any way other than through the
> web portal or sending print jobs to the print shares.
>
> Is the system still vulnerable to CVE-2017-7494?
In its current state, it appears that your system is not vulnerable to
CVE-2017-7494. However, that does not mean that your system is safe; should
someone change your Samba configuration to permit shared storage, your
system would be vulnerable.
> Does the system still need to be patched to eliminate risk?
Yes, of course. There is a risk, identified by CVE-2017-7494. In your case,
the risk seems small, but it still exists as a risk. If your policy is to
patch systems to eliminate known risks, then you should patch your Samba
installation.
>
> Thanks
--
Lew Pitcher
"In Skills, We Trust"
PGP public key available upon request
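
A check for the configuration drift the reply describes, as an added example that is not part of the original posts: it parses an smb.conf and reports every share that is not a printer share, whether that share is writable, and the `nt pipe support` setting (Samba's advisory for this CVE lists `nt pipe support = no` as a workaround). The sample configurations and the share name `scans` are constructed for illustration.

```python
import re

TRUE = {"yes", "true", "1", "on"}

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {param: value}}; names are lower-cased
    and spaces in parameter names dropped. Continuations/includes not handled."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def flag(params, names, default):
    """Boolean value of the first synonym present in params, else default."""
    for name in names:
        if name in params:
            return params[name].lower() in TRUE
    return default

def audit(text):
    """Report shares that are not printer shares, and the [global] pipe setting."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    file_shares = {}
    for name, own in conf.items():
        if name == "global":
            continue
        params = {**glob, **own}          # [global] supplies share defaults
        if flag(params, ("printable", "printok"), False):
            continue                      # printer share, as on the server described
        # Conservative: writable if any synonym says so or read only is off.
        writable = (flag(params, ("writeable", "writable", "writeok"), False)
                    or not flag(params, ("readonly",), True))
        file_shares[name] = writable
    return {"file_shares": file_shares,
            "nt_pipe_support": flag(glob, ("ntpipesupport",), True)}

# Constructed samples, not taken from the server in the thread.
PRINT_ONLY = "[global]\nprinting = cups\n[printers]\npath = /var/spool/samba\nprintable = yes\n"
DRIFTED = PRINT_ONLY + "[scans]\npath = /srv/scans\nwritable = yes\n"
```

Running `audit()` on the vendor-supplied configuration after each change gives a record of when a storage share first appears, which is the point at which the reply says the unpatched server would become vulnerable.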