CVE-2017-7494: Samba Remote Code Execution Vulnerability
First published: Fri May 12 2017(Updated: )
Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba | >=3.5.0<4.4.0 | |
| Samba | >=4.4.0<4.4.14 | |
| Samba | >=4.5.0<4.5.10 | |
| Samba | >=4.6.0<4.6.4 | |
| Debian | =8.0 | |
| Debian Debian Linux | =8.0 | |
| Samba |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2017/dsa-3860
- http://www.securityfocus.com/bid/98636
- http://www.securitytracker.com/id/1038552
- https://access.redhat.com/errata/RHSA-2017:1270
- https://access.redhat.com/errata/RHSA-2017:1271
- https://access.redhat.com/errata/RHSA-2017:1272
- https://access.redhat.com/errata/RHSA-2017:1273
- https://access.redhat.com/errata/RHSA-2017:1390
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us
- https://security.gentoo.org/glsa/201805-07
- https://security.netapp.com/advisory/ntap-20170524-0001/
- https://www.exploit-db.com/exploits/42060/
- https://www.exploit-db.com/exploits/42084/
- https://www.samba.org/samba/security/CVE-2017-7494.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1455050
- https://bugzilla.redhat.com/show_bug.cgi?id=1450347
- https://www.samba.org/samba/security/CVE-2017-7494.html;
- https://nvd.nist.gov/vuln/detail/CVE-2017-7494
Frequently Asked Questions
What is the CVE ID of the Samba vulnerability?
The CVE ID of the Samba vulnerability is CVE-2017-7494.
What is the title of the Samba vulnerability?
The title of the Samba vulnerability is Samba Remote Code Execution Vulnerability.
What is the description of the Samba vulnerability?
The Samba vulnerability allows a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.
What is the affected software by the Samba vulnerability?
The affected software by the Samba vulnerability is Samba.
How can I fix the Samba vulnerability?
To fix the Samba vulnerability, it is recommended to apply the necessary patches or updates provided by Samba.
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-7494
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/title
- agent/severity
- agent/description
- agent/references
- agent/author
- agent/event
- agent/source
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- vendor/samba
- canonical/samba
- version/samba/3.5.0
- version/samba/4.4.0
- version/samba/4.5.0
- version/samba/4.6.0
- vendor/debian
- canonical/debian
- version/debian/8.0
- canonical/debian debian linux
- version/debian debian linux/8.0