PT-2017-2095 · Samba+5

Published: 2017-05-24 · Updated: 2026-03-10 · CVE-2017-7494

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Samba versions 3.5.0 through 4.6.4
Samba versions 4.5.0 through 4.5.10
Samba versions 4.4.0 through 4.4.14

Description

The issue exists due to insufficient input validation in the Samba network file system. Exploitation of this issue may allow a remote attacker to execute arbitrary code, located in a library placed on a shared network resource, by sending a specially crafted network request to the Samba server. This can be achieved by a malicious client uploading a shared library to a writable share, and then causing the server to load and execute it.

Recommendations

For Samba versions 3.5.0 through 4.6.4, update to version 4.6.4 or later.
For Samba versions 4.5.0 through 4.5.10, update to version 4.5.10 or later.
For Samba versions 4.4.0 through 4.4.14, update to version 4.4.14 or later.

As a temporary workaround, consider restricting access to writable shares to minimize the risk of exploitation.

Exploit

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1649
ALT-PU-2017-1650
ALT-PU-2018-2488
ALT-PU-2018-2489
BDU:2017-01262
CESA-2017_1270
CESA-2017_1271
CVE-2017-7494
DLA-951-1
DSA-3860-1
ECHO-A98D-272F-29E3
ELSA-2017-1270
ELSA-2017-1271
MGASA-2017-0145
OPENSUSE-SU-2017_1401-1
OPENSUSE-SU-2017_1415-1
OPENSUSE-SU-2024:11365-1
RHSA-2017:1270
RHSA-2017:1271
RHSA-2017:1272
RHSA-2017:1273
RHSA-2017:1390
RHSA-2017_1270
RHSA-2017_1271
RHSA-2017_1272
SUSE-SU-2017:1391-1
SUSE-SU-2017:1392-1
SUSE-SU-2017:1393-1
SUSE-SU-2017:1396-1
SUSE-SU-2017_1391-1
SUSE-SU-2017_1392-1
SUSE-SU-2017_1393-1
SUSE-SU-2017_1396-1
USN-3296-1
USN-3296-2

Affected Products

Alt Linux
CentOS
Red Hat
Samba
SUSE
Ubuntu