PT-2017-4074 · Samba+5 · Samba+5

Yihan Lian

Publicado

2017-11-21

Atualizado

2025-09-29

CVE-2017-14746

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Samba versions 4.x before 4.7.3

Description The issue is related to a use-after-free vulnerability in the implementation of the SMB1 protocol in the Samba network interaction software package. This vulnerability can be exploited by a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service. The vulnerability allows remote attackers to execute arbitrary code via a crafted SMB1 request, potentially giving them control over the contents of dynamic memory.

Recommendations For Samba versions 4.x before 4.7.3, update to version 4.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the SMB1 protocol until a patch is available.

Exploit

Correção

RCE

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2017-2679

ALT-PU-2017-2680

ALT-PU-2018-2488

ALT-PU-2018-2489

BDU:2021-01422

CESA-2017_3260

CESA-2017_3278

CVE-2017-14746

DSA-4043-1

ECHO-7B64-2F2D-CA65

MGASA-2018-0023

OPENSUSE-SU-2017_3141-1

OPENSUSE-SU-2024:11365-1

RHSA-2017:3260

RHSA-2017:3261

RHSA-2017:3278

RHSA-2017_3260

RHSA-2017_3278

SUSE-SU-2017:3086-1

SUSE-SU-2017:3104-1

SUSE-SU-2017:3155-1

SUSE-SU-2017_3086-1

SUSE-SU-2017_3104-1

SUSE-SU-2018:2321-1

SUSE-SU-2018_2321-1

USN-3486-1

Produtos afetados

Alt Linux

Centos

Red Hat

Samba

Suse

Ubuntu

PT-2017-4074 · Samba+5 · Samba+5

CVE-2017-14746

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 133