Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Avaya IPOSE R11 in VMware - Samba Issue - CVE-2017-7494 2

Status
Not open for further replies.
effectivecommunicat

effectivecommunicat

IS-IT--Management
Jan 19, 2009
148
US
We have a IPOSE at R11 (upgraded recently in an attempt to correct this per Avaya's documents)


The critical vulnerability still appears in our Nexpose Security Console "Samba CVE-2017-7494: Remote code execution from a writable share" which they classify as critical and Avaya classifies as low. The link above shows the corrective measure is to upgrade to R11 which we already did. Opened a ticket with Avaya and they have been no help at all. It is in an office that is highly regulated with security audits and need to get this addressed.

Anyone out there now how to get this corrected or know how to disable the Samba. They are not using Xima Call Recording Library or Contact Store and i thought they were the only main applications that would use this if on a Windows Server. Any help would be appreciated.

effectivecommunicat
ACIS, ACSS Certified
 
Sort by date Sort by votes
From what I can find RedHat should have fixed this in samba-3.6.23-43.el6
My IPO R11 FP4 SP1 is running Samba 3.6.23-51.el6.

You can check your version by running 'smbd --version' in console.

The question is why Nexpose is still listing this as a vulnerability?

Avaya is listing it as low since Samba shouldn't be running as default on the server.

"Trying is the first step to failure..." - Homer
 
Upvote 0 Downvote
Quite right, Samba would only be running if someone has configured it. Some of these security suites are no more sophisticated than "you have XXXX installed, therefore you may be at risk". Its like house surveys will always say "there may be damp" - just to cover their arse in case there actually is and they hadn't spotted it.

Anyway, log in to the command line using an SSH client and use the following commands: admin | configure | sharing | disable

The admin password is your Administrator password. The default Configurator password is Configurator. If you want to login actually on the machine (or VMware console), login as Administrator and enter /opt/Avaya/clish

Stuck in a never ending cycle of file copying.
 
Upvote 0 Downvote
Thank you. I will confirm the Samba version and try disabling and have them re-scan.

Just to confirm - The revision of Samba is a part of the R11.0.4.1 OVA/ISO. They are at R11.0.2 right now so if we upgrade the feature pack/service pack that would also update the Samba. Avaya IPOSS team was trying to tell us that the VMware server needed to be patch rather than the Avaya SW which was not making sense since the onlything loaded onto VMware Vm was the Avaya OVA.

effectivecommunicat
ACIS, ACSS Certified
 
Upvote 0 Downvote
Redhat fixed this a long time ago so the fix might already be in R11.0.2

It might just be a false positive where they know there is an issue in Samba 3.6.23 but don't control which build version you are using.

"Trying is the first step to failure..." - Homer
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

William C290
  • Solved
IPOSE 12.0 deployed on VMWare 2
Replies
14
Views
1K
derfloh
derfloh
Schwenki
  • Locked
  • Question
Avaya IP Office Vulnerability (CVE-2024-4196) / (CVE-2024-4197)
Replies
3
Views
353
sizbut
sizbut
BrianCosta
  • Locked
  • Question
HDD Space on Avaya IPOSE VMWare 2
Replies
5
Views
203
Albus2
Albus2
BrianCosta
  • Locked
  • Question
Avaya IPOSE - H.323 - IPO500v2
Replies
1
Views
165
derfloh
derfloh
OmegaStar
  • Locked
  • Question
Avaya IPO R11.0 physical server migrate and update to IP0 R12 VMWare
Replies
1
Views
285
JoConnex
JoConnex

Part and Inventory Search

Sponsor

Back
Top