PT-2017-2095 · Samba+5

Published 2017-05-24 · Updated 2026-03-10 · CVE-2017-7494

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Samba versions 3.5.0 through 4.6.4
Samba versions 4.5.0 through 4.5.10
Samba versions 4.4.0 through 4.4.14

Description

The issue exists due to insufficient input validation in the Samba network file system. Exploitation of this issue may allow a remote attacker to execute arbitrary code, located in a library placed on a shared network resource, by sending a specially crafted network request to the Samba server. This can be achieved by a malicious client uploading a shared library to a writable share, and then causing the server to load and execute it.

Recommendations

For Samba versions 3.5.0 through 4.6.4, update to version 4.6.4 or later.
For Samba versions 4.5.0 through 4.5.10, update to version 4.5.10 or later.
For Samba versions 4.4.0 through 4.4.14, update to version 4.4.14 or later.

As a temporary workaround, consider restricting access to writable shares to minimize the risk of exploitation.
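
To apply the workaround above, the shares that accept writes have to be found first. The following Python audit of an smb.conf is an added example, not part of the original advisory or of Samba's tooling; the function names and the sample configuration are constructed for illustration, and `include`/`copy` directives and backslash line continuations are not followed.

```python
import re

TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}
WRITE_SYNONYMS = {"writeable", "writable", "writeok"}  # inverted synonyms of "read only"
GUEST_KEYS = {"guestok", "public"}

def parse_smb_conf(text):
    """Return {section: [(key, value), ...]}; names lowercased, spaces in keys dropped."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), [])
        elif "=" in line and line[0] not in "#;" and current is not None:
            key, value = line.split("=", 1)
            current.append((re.sub(r"\s+", "", key).lower(), value.strip()))
    return sections

def share_flags(params, inherited):
    """Apply one section's parameters on top of the inherited flags."""
    flags = dict(inherited)
    for key, value in params:
        v = value.lower()
        if key == "writelist":
            flags["write_list"] = value
        elif v in TRUE or v in FALSE:
            if key == "readonly":
                flags["writable"] = v in FALSE
            elif key in WRITE_SYNONYMS:
                flags["writable"] = v in TRUE
            elif key in GUEST_KEYS:
                flags["guest"] = v in TRUE
    return flags

def audit(text):
    """Return {share: flags} for each share that accepts writes from some client."""
    sections = parse_smb_conf(text)
    base = {"writable": False, "guest": False, "write_list": ""}  # Samba default is read only
    defaults = share_flags(sections.get("global", []), base)
    shares = {n: share_flags(p, defaults) for n, p in sections.items() if n != "global"}
    return {n: f for n, f in shares.items() if f["writable"] or f["write_list"]}

SAMPLE = (  # constructed smb.conf, not taken from the advisory
    "[global]\n  workgroup = EXAMPLE\n"
    "[public]\n  path = /srv/public\n  guest ok = yes\n  writable = yes\n"
    "[docs]\n  path = /srv/docs\n  read only = yes\n"
    "[team]\n  path = /srv/team\n  write list = @staff\n"
    "[scratch]\n  path = /srv/scratch\n  Read Only = No\n"
)
```

Shares reported with both `writable` and `guest` set are the first to restrict, since any client can place files on them; `audit(SAMPLE)` reports `public`, `team` and `scratch` and leaves out the read-only `docs`.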

Exploit

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1649
ALT-PU-2017-1650
ALT-PU-2018-2488
ALT-PU-2018-2489
BDU:2017-01262
CESA-2017_1270
CESA-2017_1271
CVE-2017-7494
DLA-951-1
DSA-3860-1
ECHO-A98D-272F-29E3
ELSA-2017-1270
ELSA-2017-1271
MGASA-2017-0145
OPENSUSE-SU-2017_1401-1
OPENSUSE-SU-2017_1415-1
OPENSUSE-SU-2024:11365-1
RHSA-2017:1270
RHSA-2017:1271
RHSA-2017:1272
RHSA-2017:1273
RHSA-2017:1390
RHSA-2017_1270
RHSA-2017_1271
RHSA-2017_1272
SUSE-SU-2017:1391-1
SUSE-SU-2017:1392-1
SUSE-SU-2017:1393-1
SUSE-SU-2017:1396-1
SUSE-SU-2017_1391-1
SUSE-SU-2017_1392-1
SUSE-SU-2017_1393-1
SUSE-SU-2017_1396-1
USN-3296-1
USN-3296-2

Affected Products

Alt Linux
CentOS
Red Hat
Samba
SUSE
Ubuntu