ID CVE-2017-14746
Summary Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
References
Vulnerable Configurations
  • Samba 4.0.0
    cpe:2.3:a:samba:samba:4.0.0
  • Samba 4.0.1
    cpe:2.3:a:samba:samba:4.0.1
  • Samba 4.0.2
    cpe:2.3:a:samba:samba:4.0.2
  • Samba 4.0.3
    cpe:2.3:a:samba:samba:4.0.3
  • Samba 4.0.4
    cpe:2.3:a:samba:samba:4.0.4
  • Samba 4.0.5
    cpe:2.3:a:samba:samba:4.0.5
  • Samba 4.0.6
    cpe:2.3:a:samba:samba:4.0.6
  • Samba 4.0.7
    cpe:2.3:a:samba:samba:4.0.7
  • Samba 4.0.8
    cpe:2.3:a:samba:samba:4.0.8
  • Samba 4.0.9
    cpe:2.3:a:samba:samba:4.0.9
  • Samba 4.0.10
    cpe:2.3:a:samba:samba:4.0.10
  • Samba 4.0.11
    cpe:2.3:a:samba:samba:4.0.11
  • Samba 4.0.12
    cpe:2.3:a:samba:samba:4.0.12
  • Samba 4.0.13
    cpe:2.3:a:samba:samba:4.0.13
  • Samba 4.0.14
    cpe:2.3:a:samba:samba:4.0.14
  • Samba 4.0.15
    cpe:2.3:a:samba:samba:4.0.15
  • Samba 4.0.16
    cpe:2.3:a:samba:samba:4.0.16
  • Samba 4.0.17
    cpe:2.3:a:samba:samba:4.0.17
  • Samba 4.0.18
    cpe:2.3:a:samba:samba:4.0.18
  • Samba 4.0.19
    cpe:2.3:a:samba:samba:4.0.19
  • Samba 4.0.20
    cpe:2.3:a:samba:samba:4.0.20
  • Samba 4.0.21
    cpe:2.3:a:samba:samba:4.0.21
  • Samba 4.0.22
    cpe:2.3:a:samba:samba:4.0.22
  • Samba 4.0.23
    cpe:2.3:a:samba:samba:4.0.23
  • Samba 4.0.24
    cpe:2.3:a:samba:samba:4.0.24
  • Samba 4.0.25
    cpe:2.3:a:samba:samba:4.0.25
  • Samba 4.0.26
    cpe:2.3:a:samba:samba:4.0.26
  • Samba 4.1.0
    cpe:2.3:a:samba:samba:4.1.0
  • Samba 4.1.1
    cpe:2.3:a:samba:samba:4.1.1
  • Samba 4.1.2
    cpe:2.3:a:samba:samba:4.1.2
  • Samba 4.1.3
    cpe:2.3:a:samba:samba:4.1.3
  • Samba 4.1.4
    cpe:2.3:a:samba:samba:4.1.4
  • Samba 4.1.5
    cpe:2.3:a:samba:samba:4.1.5
  • Samba 4.1.6
    cpe:2.3:a:samba:samba:4.1.6
  • Samba 4.1.7
    cpe:2.3:a:samba:samba:4.1.7
  • Samba 4.1.8
    cpe:2.3:a:samba:samba:4.1.8
  • Samba 4.1.9
    cpe:2.3:a:samba:samba:4.1.9
  • Samba 4.1.10
    cpe:2.3:a:samba:samba:4.1.10
  • Samba 4.1.11
    cpe:2.3:a:samba:samba:4.1.11
  • Samba 4.1.12
    cpe:2.3:a:samba:samba:4.1.12
  • Samba 4.1.13
    cpe:2.3:a:samba:samba:4.1.13
  • Samba 4.1.14
    cpe:2.3:a:samba:samba:4.1.14
  • Samba 4.1.15
    cpe:2.3:a:samba:samba:4.1.15
  • Samba 4.1.16
    cpe:2.3:a:samba:samba:4.1.16
  • Samba 4.1.17
    cpe:2.3:a:samba:samba:4.1.17
  • Samba 4.1.18
    cpe:2.3:a:samba:samba:4.1.18
  • Samba 4.1.19
    cpe:2.3:a:samba:samba:4.1.19
  • Samba 4.1.20
    cpe:2.3:a:samba:samba:4.1.20
  • Samba 4.1.21
    cpe:2.3:a:samba:samba:4.1.21
  • Samba 4.1.22
    cpe:2.3:a:samba:samba:4.1.22
  • Samba 4.1.23
    cpe:2.3:a:samba:samba:4.1.23
  • Samba 4.2.0
    cpe:2.3:a:samba:samba:4.2.0
  • Samba 4.2.0 release candidate 1
    cpe:2.3:a:samba:samba:4.2.0:rc1
  • Samba 4.2.0 release candidate 2
    cpe:2.3:a:samba:samba:4.2.0:rc2
  • Samba 4.2.0 release candidate 3
    cpe:2.3:a:samba:samba:4.2.0:rc3
  • Samba 4.2.0 release candidate 4
    cpe:2.3:a:samba:samba:4.2.0:rc4
  • Samba 4.2.1
    cpe:2.3:a:samba:samba:4.2.1
  • Samba 4.2.2
    cpe:2.3:a:samba:samba:4.2.2
  • Samba 4.2.3
    cpe:2.3:a:samba:samba:4.2.3
  • Samba 4.2.4
    cpe:2.3:a:samba:samba:4.2.4
  • Samba 4.2.5
    cpe:2.3:a:samba:samba:4.2.5
  • Samba 4.2.6
    cpe:2.3:a:samba:samba:4.2.6
  • Samba 4.2.7
    cpe:2.3:a:samba:samba:4.2.7
  • Samba 4.2.8
    cpe:2.3:a:samba:samba:4.2.8
  • Samba 4.2.9
    cpe:2.3:a:samba:samba:4.2.9
  • Samba 4.2.10
    cpe:2.3:a:samba:samba:4.2.10
  • Samba 4.2.11
    cpe:2.3:a:samba:samba:4.2.11
  • Samba 4.2.12
    cpe:2.3:a:samba:samba:4.2.12
  • Samba 4.2.13
    cpe:2.3:a:samba:samba:4.2.13
  • Samba 4.2.14
    cpe:2.3:a:samba:samba:4.2.14
  • Samba 4.3.0
    cpe:2.3:a:samba:samba:4.3.0
  • Samba 4.3.1
    cpe:2.3:a:samba:samba:4.3.1
  • Samba 4.3.2
    cpe:2.3:a:samba:samba:4.3.2
  • Samba 4.3.3
    cpe:2.3:a:samba:samba:4.3.3
  • Samba 4.3.4
    cpe:2.3:a:samba:samba:4.3.4
  • Samba 4.3.5
    cpe:2.3:a:samba:samba:4.3.5
  • Samba 4.3.6
    cpe:2.3:a:samba:samba:4.3.6
  • Samba 4.3.7
    cpe:2.3:a:samba:samba:4.3.7
  • Samba 4.3.8
    cpe:2.3:a:samba:samba:4.3.8
  • Samba 4.3.9
    cpe:2.3:a:samba:samba:4.3.9
  • Samba 4.3.10
    cpe:2.3:a:samba:samba:4.3.10
  • Samba 4.3.11
    cpe:2.3:a:samba:samba:4.3.11
  • Samba 4.3.12
    cpe:2.3:a:samba:samba:4.3.12
  • Samba 4.3.13
    cpe:2.3:a:samba:samba:4.3.13
  • Samba 4.4.0
    cpe:2.3:a:samba:samba:4.4.0
  • Samba 4.4.0 Release Candidate 1
    cpe:2.3:a:samba:samba:4.4.0:rc1
  • Samba 4.4.0 Release Candidate 2
    cpe:2.3:a:samba:samba:4.4.0:rc2
  • Samba 4.4.0 Release Candidate 3
    cpe:2.3:a:samba:samba:4.4.0:rc3
  • Samba 4.4.1
    cpe:2.3:a:samba:samba:4.4.1
  • Samba 4.4.2
    cpe:2.3:a:samba:samba:4.4.2
  • Samba 4.4.3
    cpe:2.3:a:samba:samba:4.4.3
  • Samba 4.4.4
    cpe:2.3:a:samba:samba:4.4.4
  • Samba 4.4.5
    cpe:2.3:a:samba:samba:4.4.5
  • Samba 4.4.6
    cpe:2.3:a:samba:samba:4.4.6
  • Samba 4.4.7
    cpe:2.3:a:samba:samba:4.4.7
  • Samba 4.4.8
    cpe:2.3:a:samba:samba:4.4.8
  • Samba 4.4.9
    cpe:2.3:a:samba:samba:4.4.9
  • Samba 4.4.10
    cpe:2.3:a:samba:samba:4.4.10
  • Samba 4.4.11
    cpe:2.3:a:samba:samba:4.4.11
  • Samba 4.4.12
    cpe:2.3:a:samba:samba:4.4.12
  • Samba 4.4.13
    cpe:2.3:a:samba:samba:4.4.13
  • Samba 4.4.14
    cpe:2.3:a:samba:samba:4.4.14
  • Samba 4.4.15
    cpe:2.3:a:samba:samba:4.4.15
  • Samba 4.4.16
    cpe:2.3:a:samba:samba:4.4.16
  • Samba 4.5.0
    cpe:2.3:a:samba:samba:4.5.0
  • Samba 4.5.0 Release Candidate 1
    cpe:2.3:a:samba:samba:4.5.0:rc1
  • Samba 4.5.0 Release Candidate 2
    cpe:2.3:a:samba:samba:4.5.0:rc2
  • Samba 4.5.0 Release Candidate 3
    cpe:2.3:a:samba:samba:4.5.0:rc3
  • Samba 4.5.1
    cpe:2.3:a:samba:samba:4.5.1
  • Samba 4.5.2
    cpe:2.3:a:samba:samba:4.5.2
  • Samba 4.5.3
    cpe:2.3:a:samba:samba:4.5.3
  • Samba 4.5.4
    cpe:2.3:a:samba:samba:4.5.4
  • Samba 4.5.5
    cpe:2.3:a:samba:samba:4.5.5
  • Samba 4.5.6
    cpe:2.3:a:samba:samba:4.5.6
  • Samba 4.5.7
    cpe:2.3:a:samba:samba:4.5.7
  • Samba 4.5.8
    cpe:2.3:a:samba:samba:4.5.8
  • Samba 4.5.9
    cpe:2.3:a:samba:samba:4.5.9
  • Samba 4.5.10
    cpe:2.3:a:samba:samba:4.5.10
  • Samba 4.5.11
    cpe:2.3:a:samba:samba:4.5.11
  • Samba 4.5.12
    cpe:2.3:a:samba:samba:4.5.12
  • Samba 4.5.13
    cpe:2.3:a:samba:samba:4.5.13
  • Samba 4.5.14
    cpe:2.3:a:samba:samba:4.5.14
  • Samba 4.5.15
    cpe:2.3:a:samba:samba:4.5.15
  • Samba 4.5.16
    cpe:2.3:a:samba:samba:4.5.16
  • Samba 4.6.0
    cpe:2.3:a:samba:samba:4.6.0
  • Samba 4.6.0 Release Candidate 1
    cpe:2.3:a:samba:samba:4.6.0:rc1
  • Samba 4.6.0 Release Candidate 2
    cpe:2.3:a:samba:samba:4.6.0:rc2
  • Samba 4.6.0 Release Candidate 3
    cpe:2.3:a:samba:samba:4.6.0:rc3
  • Samba 4.6.0 Release Candidate 4
    cpe:2.3:a:samba:samba:4.6.0:rc4
  • Samba 4.6.1
    cpe:2.3:a:samba:samba:4.6.1
  • Samba 4.6.2
    cpe:2.3:a:samba:samba:4.6.2
  • Samba 4.6.3
    cpe:2.3:a:samba:samba:4.6.3
  • Samba 4.6.4
    cpe:2.3:a:samba:samba:4.6.4
  • Samba 4.6.5
    cpe:2.3:a:samba:samba:4.6.5
  • Samba 4.6.6
    cpe:2.3:a:samba:samba:4.6.6
  • Samba 4.6.7
    cpe:2.3:a:samba:samba:4.6.7
  • Samba 4.6.8
    cpe:2.3:a:samba:samba:4.6.8
  • Samba 4.6.9
    cpe:2.3:a:samba:samba:4.6.9
  • Samba 4.6.10
    cpe:2.3:a:samba:samba:4.6.10
  • Samba 4.6.11
    cpe:2.3:a:samba:samba:4.6.11
  • Samba 4.6.12
    cpe:2.3:a:samba:samba:4.6.12
  • Samba 4.6.13
    cpe:2.3:a:samba:samba:4.6.13
  • Samba 4.6.14
    cpe:2.3:a:samba:samba:4.6.14
  • Samba 4.6.15
    cpe:2.3:a:samba:samba:4.6.15
  • Samba 4.6.16
    cpe:2.3:a:samba:samba:4.6.16
  • Samba 4.7.0
    cpe:2.3:a:samba:samba:4.7.0
  • Samba 4.7.0 Release Candidate 1
    cpe:2.3:a:samba:samba:4.7.0:rc1
  • Samba 4.7.0 Release Candidate 2
    cpe:2.3:a:samba:samba:4.7.0:rc2
  • Samba 4.7.0 Release Candidate 3
    cpe:2.3:a:samba:samba:4.7.0:rc3
  • Samba 4.7.0 Release Candidate 4
    cpe:2.3:a:samba:samba:4.7.0:rc4
  • Samba 4.7.0 Release Candidate 5
    cpe:2.3:a:samba:samba:4.7.0:rc5
  • Samba 4.7.0 Release Candidate 6
    cpe:2.3:a:samba:samba:4.7.0:rc6
  • Samba 4.7.1
    cpe:2.3:a:samba:samba:4.7.1
  • Samba 4.7.2
    cpe:2.3:a:samba:samba:4.7.2
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.04
    cpe:2.3:o:canonical:ubuntu_linux:17.04
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • Red Hat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • Red Hat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • Red Hat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-416
CAPEC
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1316.NASL
    description This update for samba fixes the following issues : Security issues fixed : - CVE-2017-14746: Use-after-free vulnerability (bsc#1060427). - CVE-2017-15275: Server heap memory information leak (bsc#1063008). - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file (bsc#1058624). - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565). - CVE-2017-12150: Some code path don't enforce smb signing when they should (bsc#1058565). Bug fixes : - Samba was updated to 4.6.9 (bsc#1065066) see release notes for details. - https://www.samba.org/samba/history/samba-4.6.9.html This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen 2019-02-21
    modified 2018-03-16
    plugin id 105218
    published 2017-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105218
    title openSUSE Security Update : samba (openSUSE-2017-1316)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1315.NASL
    description According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746) - A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server.(CVE-2017-15275) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 104933
    published 2017-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104933
    title EulerOS 2.0 SP2 : samba (EulerOS-SA-2017-1315)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-791C5D52BE.NASL
    description Security fix for CVE-2017-14746 and CVE-2017-15275 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-16
    plugin id 105907
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105907
    title Fedora 27 : 2:samba (2017-791c5d52be)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-3155-1.NASL
    description This update for samba fixes the following issues: Security issues fixed : - CVE-2017-14746: Use-after-free vulnerability (bsc#1060427). - CVE-2017-15275: Server heap memory information leak (bsc#1063008). - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file (bsc#1058624). - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565). - CVE-2017-12150: Some code path don't enforce smb signing when they should (bsc#1058565). Bug fixes : - Samba was updated to 4.6.9 (bsc#1065066) see release notes for details. - https://www.samba.org/samba/history/samba-4.6.9.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 104962
    published 2017-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104962
    title SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2017:3155-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1315.NASL
    description This update for samba fixes the following issues : Security issues fixed : - CVE-2017-14746: Use-after-free vulnerability (bsc#1060427). - CVE-2017-15275: Server heap memory information leak (bsc#1063008). Bug fixes : - Update 'winbind expand groups' doc in smb.conf man page (bsc#1027593). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-03-16
    plugin id 105217
    published 2017-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105217
    title openSUSE Security Update : samba (openSUSE-2017-1315)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3486-1.NASL
    description Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when processing certain SMB1 requests. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2017-14746) Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15275). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 104736
    published 2017-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104736
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : samba vulnerabilities (USN-3486-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1238.NASL
    description According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746) - A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server.(CVE-2017-15275) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117547
    published 2018-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117547
    title EulerOS Virtualization 2.5.0 : samba (EulerOS-SA-2018-1238)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20171127_SAMBA_ON_SL7_X.NASL
    description Security Fix(es) : - A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746) - A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially crafted requests to the samba server. (CVE-2017-15275)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 104804
    published 2017-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104804
    title Scientific Linux Security Update : samba on SL7.x x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4043.NASL
    description Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing a client to compromise a SMB server via malicious SMB1 requests. - CVE-2017-15275 Volker Lendecke of SerNet and the Samba team discovered that Samba is prone to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 104722
    published 2017-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104722
    title Debian DSA-4043-1 : samba - security update
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-933.NASL
    description Use-after-free in processing SMB1 requests A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746) Server heap-memory disclosure A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially crafted requests to the samba server. (CVE-2017-15275)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 105418
    published 2017-12-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105418
    title Amazon Linux AMI : samba (ALAS-2017-933)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1314.NASL
    description According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746) - A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server.(CVE-2017-15275) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 104932
    published 2017-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104932
    title EulerOS 2.0 SP1 : samba (EulerOS-SA-2017-1314)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201805-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201805-07 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code, cause a Denial of Service condition, conduct a man-in-the-middle attack, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-06-07
    plugin id 109974
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109974
    title GLSA-201805-07 : Samba: Multiple vulnerabilities (SambaCry)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-3278.NASL
    description From Red Hat Security Advisory 2017:3278 : An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746) * A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially crafted requests to the samba server. (CVE-2017-15275) Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam) as the original reporter of CVE-2017-14746; and Volker Lendecke (SerNet and the Samba Team) as the original reporter of CVE-2017-15275.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 104864
    published 2017-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104864
    title Oracle Linux 6 : samba4 (ELSA-2017-3278)
  • NASL family Misc.
    NASL id SAMBA_4_6_11.NASL
    description The version of Samba running on the remote host is 4.5.x prior to 4.5.15, or 4.6.x prior to 4.6.11, or 4.7.x prior to 4.7.3. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 104849
    published 2017-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104849
    title 4.5.x < 4.5.15 / 4.6.x < 4.6.11 / 4.7.x < 4.7.3 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20171129_SAMBA4_ON_SL6_X.NASL
    description Security Fix(es) : - A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746) - A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially crafted requests to the samba server. (CVE-2017-15275)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 104868
    published 2017-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104868
    title Scientific Linux Security Update : samba4 on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-366046C758.NASL
    description Security fix for CVE-2017-14746 and CVE-2017-15275 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-16
    plugin id 104793
    published 2017-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104793
    title Fedora 26 : 2:samba (2017-366046c758)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3260.NASL
    description An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746) * A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially crafted requests to the samba server. (CVE-2017-15275) Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam) as the original reporter of CVE-2017-14746; and Volker Lendecke (SerNet and the Samba Team) as the original reporter of CVE-2017-15275.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104775
    published 2017-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104775
    title RHEL 7 : samba (RHSA-2017:3260)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-332-01.NASL
    description New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2018-09-01
    modified 2018-03-16
    plugin id 104788
    published 2017-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104788
    title Slackware 14.0 / 14.1 / 14.2 / current : samba (SSA:2017-332-01)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-3260.NASL
    description An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746) * A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially crafted requests to the samba server. (CVE-2017-15275) Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam) as the original reporter of CVE-2017-14746; and Volker Lendecke (SerNet and the Samba Team) as the original reporter of CVE-2017-15275.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104789
    published 2017-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104789
    title CentOS 7 : samba (CESA-2017:3260)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2321-1.NASL
    description This update for samba fixes the following issues: Security issues fixed : - CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741). - CVE-2017-14746: Fixed use-after-free vulnerability (bsc#1060427). - CVE-2017-15275: Fixed server heap memory information leak (bsc#1063008). - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) Bug fixes : - bsc#1027593: Update 'winbind expand groups' doc in smb.conf man page. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111742
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111742
    title SUSE SLES12 Security Update : samba (SUSE-SU-2018:2321-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-3086-1.NASL
    description This update for samba fixes the following issues: Security issues fixed : - CVE-2017-14746: Fixed a use-after-free vulnerability that could be used to crash smbd or potentially execute code (bsc#1060427). - CVE-2017-15275: Fixed a server heap memory information leak (bsc#1063008). Non-security issues fixed : - Update 'winbind expand groups' doc in smb.conf man page; (bsc#1027593). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 104781
    published 2017-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104781
    title SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2017:3086-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3278.NASL
    description An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746) * A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially crafted requests to the samba server. (CVE-2017-15275) Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam) as the original reporter of CVE-2017-14746; and Volker Lendecke (SerNet and the Samba Team) as the original reporter of CVE-2017-15275.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104843
    published 2017-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104843
    title RHEL 6 : samba4 (RHSA-2017:3278)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-3260.NASL
    description From Red Hat Security Advisory 2017:3260 : An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746) * A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially crafted requests to the samba server. (CVE-2017-15275) Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam) as the original reporter of CVE-2017-14746; and Volker Lendecke (SerNet and the Samba Team) as the original reporter of CVE-2017-15275.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 104773
    published 2017-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104773
    title Oracle Linux 7 : samba (ELSA-2017-3260)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3261.NASL
    description An update for samba is now available for Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6 and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746) * A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially crafted requests to the samba server. (CVE-2017-15275) Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam) as the original reporter of CVE-2017-14746; and Volker Lendecke (SerNet and the Samba Team) as the original reporter of CVE-2017-15275.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104800
    published 2017-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104800
    title RHEL 6 / 7 : Storage Server (RHSA-2017:3261)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-3104-1.NASL
    description This update for samba fixes the following issues: Security issues fixed : - CVE-2017-14746: Use-after-free vulnerability (bsc#1060427). - CVE-2017-15275: Server heap memory information leak (bsc#1063008). Bug fixes : - Update 'winbind expand groups' doc in smb.conf man page (bsc#1027593). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 104806
    published 2017-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104806
    title SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2017:3104-1)
redhat via4
advisories
  • rhsa
    id RHSA-2017:3260
  • rhsa
    id RHSA-2017:3261
  • rhsa
    id RHSA-2017:3278
rpms
  • ctdb-0:4.6.2-12.el7_4
  • ctdb-tests-0:4.6.2-12.el7_4
  • libsmbclient-0:4.6.2-12.el7_4
  • libsmbclient-devel-0:4.6.2-12.el7_4
  • libwbclient-0:4.6.2-12.el7_4
  • libwbclient-devel-0:4.6.2-12.el7_4
  • samba-0:4.6.2-12.el7_4
  • samba-client-0:4.6.2-12.el7_4
  • samba-client-libs-0:4.6.2-12.el7_4
  • samba-common-0:4.6.2-12.el7_4
  • samba-common-libs-0:4.6.2-12.el7_4
  • samba-common-tools-0:4.6.2-12.el7_4
  • samba-dc-0:4.6.2-12.el7_4
  • samba-dc-libs-0:4.6.2-12.el7_4
  • samba-devel-0:4.6.2-12.el7_4
  • samba-krb5-printing-0:4.6.2-12.el7_4
  • samba-libs-0:4.6.2-12.el7_4
  • samba-pidl-0:4.6.2-12.el7_4
  • samba-python-0:4.6.2-12.el7_4
  • samba-test-0:4.6.2-12.el7_4
  • samba-test-libs-0:4.6.2-12.el7_4
  • samba-vfs-glusterfs-0:4.6.2-12.el7_4
  • samba-winbind-0:4.6.2-12.el7_4
  • samba-winbind-clients-0:4.6.2-12.el7_4
  • samba-winbind-krb5-locator-0:4.6.2-12.el7_4
  • samba-winbind-modules-0:4.6.2-12.el7_4
  • samba4-0:4.2.10-12.el6_9
  • samba4-client-0:4.2.10-12.el6_9
  • samba4-common-0:4.2.10-12.el6_9
  • samba4-dc-0:4.2.10-12.el6_9
  • samba4-dc-libs-0:4.2.10-12.el6_9
  • samba4-devel-0:4.2.10-12.el6_9
  • samba4-libs-0:4.2.10-12.el6_9
  • samba4-pidl-0:4.2.10-12.el6_9
  • samba4-python-0:4.2.10-12.el6_9
  • samba4-test-0:4.2.10-12.el6_9
  • samba4-winbind-0:4.2.10-12.el6_9
  • samba4-winbind-clients-0:4.2.10-12.el6_9
  • samba4-winbind-krb5-locator-0:4.2.10-12.el6_9
refmap via4
bid 101907
confirm
debian DSA-4043
gentoo GLSA-201805-07
sectrack 1039856
ubuntu USN-3486-1
Last major update 27-11-2017 - 17:29
Published 27-11-2017 - 17:29
Last modified 21-10-2018 - 06:29