ID CVE-2017-7494
Summary Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
References
Vulnerable Configurations
  • Samba 3.5.0
    cpe:2.3:a:samba:samba:3.5.0
  • Samba 3.5.1
    cpe:2.3:a:samba:samba:3.5.1
  • Samba 3.5.2
    cpe:2.3:a:samba:samba:3.5.2
  • Samba 3.5.3
    cpe:2.3:a:samba:samba:3.5.3
  • Samba 3.5.4
    cpe:2.3:a:samba:samba:3.5.4
  • Samba 3.5.5
    cpe:2.3:a:samba:samba:3.5.5
  • Samba 3.5.6
    cpe:2.3:a:samba:samba:3.5.6
  • Samba 3.5.7
    cpe:2.3:a:samba:samba:3.5.7
  • Samba 3.5.8
    cpe:2.3:a:samba:samba:3.5.8
  • Samba 3.5.9
    cpe:2.3:a:samba:samba:3.5.9
  • Samba 3.5.10
    cpe:2.3:a:samba:samba:3.5.10
  • Samba 3.5.11
    cpe:2.3:a:samba:samba:3.5.11
  • Samba 3.5.12
    cpe:2.3:a:samba:samba:3.5.12
  • Samba 3.5.13
    cpe:2.3:a:samba:samba:3.5.13
  • Samba 3.5.14
    cpe:2.3:a:samba:samba:3.5.14
  • Samba 3.5.15
    cpe:2.3:a:samba:samba:3.5.15
  • Samba 3.5.16
    cpe:2.3:a:samba:samba:3.5.16
  • Samba 3.5.17
    cpe:2.3:a:samba:samba:3.5.17
  • Samba 3.5.18
    cpe:2.3:a:samba:samba:3.5.18
  • Samba 3.5.19
    cpe:2.3:a:samba:samba:3.5.19
  • Samba 3.5.20
    cpe:2.3:a:samba:samba:3.5.20
  • Samba 3.5.21
    cpe:2.3:a:samba:samba:3.5.21
  • Samba 3.5.22
    cpe:2.3:a:samba:samba:3.5.22
  • Samba 3.6.0
    cpe:2.3:a:samba:samba:3.6.0
  • Samba 3.6.1
    cpe:2.3:a:samba:samba:3.6.1
  • Samba 3.6.2
    cpe:2.3:a:samba:samba:3.6.2
  • Samba 3.6.3
    cpe:2.3:a:samba:samba:3.6.3
  • Samba 3.6.4
    cpe:2.3:a:samba:samba:3.6.4
  • Samba 3.6.5
    cpe:2.3:a:samba:samba:3.6.5
  • Samba 3.6.6
    cpe:2.3:a:samba:samba:3.6.6
  • Samba 3.6.7
    cpe:2.3:a:samba:samba:3.6.7
  • Samba 3.6.8
    cpe:2.3:a:samba:samba:3.6.8
  • Samba 3.6.9
    cpe:2.3:a:samba:samba:3.6.9
  • Samba 3.6.10
    cpe:2.3:a:samba:samba:3.6.10
  • Samba 3.6.11
    cpe:2.3:a:samba:samba:3.6.11
  • Samba 3.6.12
    cpe:2.3:a:samba:samba:3.6.12
  • Samba 3.6.13
    cpe:2.3:a:samba:samba:3.6.13
  • Samba 3.6.14
    cpe:2.3:a:samba:samba:3.6.14
  • Samba 3.6.15
    cpe:2.3:a:samba:samba:3.6.15
  • Samba 3.6.16
    cpe:2.3:a:samba:samba:3.6.16
  • Samba 3.6.17
    cpe:2.3:a:samba:samba:3.6.17
  • Samba 3.6.18
    cpe:2.3:a:samba:samba:3.6.18
  • Samba 3.6.19
    cpe:2.3:a:samba:samba:3.6.19
  • Samba 3.6.20
    cpe:2.3:a:samba:samba:3.6.20
  • Samba 3.6.21
    cpe:2.3:a:samba:samba:3.6.21
  • Samba 3.6.22
    cpe:2.3:a:samba:samba:3.6.22
  • Samba 3.6.23
    cpe:2.3:a:samba:samba:3.6.23
  • Samba 3.6.24
    cpe:2.3:a:samba:samba:3.6.24
  • Samba 3.6.25
    cpe:2.3:a:samba:samba:3.6.25
  • Samba 4.0.0
    cpe:2.3:a:samba:samba:4.0.0
  • Samba 4.0.1
    cpe:2.3:a:samba:samba:4.0.1
  • Samba 4.0.2
    cpe:2.3:a:samba:samba:4.0.2
  • Samba 4.0.3
    cpe:2.3:a:samba:samba:4.0.3
  • Samba 4.0.4
    cpe:2.3:a:samba:samba:4.0.4
  • Samba 4.0.5
    cpe:2.3:a:samba:samba:4.0.5
  • Samba 4.0.6
    cpe:2.3:a:samba:samba:4.0.6
  • Samba 4.0.7
    cpe:2.3:a:samba:samba:4.0.7
  • Samba 4.0.8
    cpe:2.3:a:samba:samba:4.0.8
  • Samba 4.0.9
    cpe:2.3:a:samba:samba:4.0.9
  • Samba 4.0.10
    cpe:2.3:a:samba:samba:4.0.10
  • Samba 4.0.11
    cpe:2.3:a:samba:samba:4.0.11
  • Samba 4.0.12
    cpe:2.3:a:samba:samba:4.0.12
  • Samba 4.0.13
    cpe:2.3:a:samba:samba:4.0.13
  • Samba 4.0.14
    cpe:2.3:a:samba:samba:4.0.14
  • Samba 4.0.15
    cpe:2.3:a:samba:samba:4.0.15
  • Samba 4.0.16
    cpe:2.3:a:samba:samba:4.0.16
  • Samba 4.0.17
    cpe:2.3:a:samba:samba:4.0.17
  • Samba 4.0.18
    cpe:2.3:a:samba:samba:4.0.18
  • Samba 4.0.19
    cpe:2.3:a:samba:samba:4.0.19
  • Samba 4.0.20
    cpe:2.3:a:samba:samba:4.0.20
  • Samba 4.0.21
    cpe:2.3:a:samba:samba:4.0.21
  • Samba 4.0.22
    cpe:2.3:a:samba:samba:4.0.22
  • Samba 4.0.23
    cpe:2.3:a:samba:samba:4.0.23
  • Samba 4.0.24
    cpe:2.3:a:samba:samba:4.0.24
  • Samba 4.0.25
    cpe:2.3:a:samba:samba:4.0.25
  • Samba 4.0.26
    cpe:2.3:a:samba:samba:4.0.26
  • Samba 4.1.0
    cpe:2.3:a:samba:samba:4.1.0
  • Samba 4.1.1
    cpe:2.3:a:samba:samba:4.1.1
  • Samba 4.1.2
    cpe:2.3:a:samba:samba:4.1.2
  • Samba 4.1.3
    cpe:2.3:a:samba:samba:4.1.3
  • Samba 4.1.4
    cpe:2.3:a:samba:samba:4.1.4
  • Samba 4.1.5
    cpe:2.3:a:samba:samba:4.1.5
  • Samba 4.1.6
    cpe:2.3:a:samba:samba:4.1.6
  • Samba 4.1.7
    cpe:2.3:a:samba:samba:4.1.7
  • Samba 4.1.8
    cpe:2.3:a:samba:samba:4.1.8
  • Samba 4.1.9
    cpe:2.3:a:samba:samba:4.1.9
  • Samba 4.1.10
    cpe:2.3:a:samba:samba:4.1.10
  • Samba 4.1.11
    cpe:2.3:a:samba:samba:4.1.11
  • Samba 4.1.12
    cpe:2.3:a:samba:samba:4.1.12
  • Samba 4.1.13
    cpe:2.3:a:samba:samba:4.1.13
  • Samba 4.1.14
    cpe:2.3:a:samba:samba:4.1.14
  • Samba 4.1.15
    cpe:2.3:a:samba:samba:4.1.15
  • Samba 4.1.16
    cpe:2.3:a:samba:samba:4.1.16
  • Samba 4.1.17
    cpe:2.3:a:samba:samba:4.1.17
  • Samba 4.1.18
    cpe:2.3:a:samba:samba:4.1.18
  • Samba 4.1.19
    cpe:2.3:a:samba:samba:4.1.19
  • Samba 4.1.20
    cpe:2.3:a:samba:samba:4.1.20
  • Samba 4.1.21
    cpe:2.3:a:samba:samba:4.1.21
  • Samba 4.1.22
    cpe:2.3:a:samba:samba:4.1.22
  • Samba 4.1.23
    cpe:2.3:a:samba:samba:4.1.23
  • Samba 4.2.0 release candidate 1
    cpe:2.3:a:samba:samba:4.2.0:rc1
  • Samba 4.2.0 release candidate 2
    cpe:2.3:a:samba:samba:4.2.0:rc2
  • Samba 4.2.0 release candidate 3
    cpe:2.3:a:samba:samba:4.2.0:rc3
  • Samba 4.2.0 release candidate 4
    cpe:2.3:a:samba:samba:4.2.0:rc4
  • Samba 4.2.1
    cpe:2.3:a:samba:samba:4.2.1
  • Samba 4.2.2
    cpe:2.3:a:samba:samba:4.2.2
  • Samba 4.2.3
    cpe:2.3:a:samba:samba:4.2.3
  • Samba 4.2.4
    cpe:2.3:a:samba:samba:4.2.4
  • Samba 4.2.5
    cpe:2.3:a:samba:samba:4.2.5
  • Samba 4.2.6
    cpe:2.3:a:samba:samba:4.2.6
  • Samba 4.2.7
    cpe:2.3:a:samba:samba:4.2.7
  • Samba 4.2.8
    cpe:2.3:a:samba:samba:4.2.8
  • Samba 4.2.9
    cpe:2.3:a:samba:samba:4.2.9
  • Samba 4.2.10
    cpe:2.3:a:samba:samba:4.2.10
  • Samba 4.2.11
    cpe:2.3:a:samba:samba:4.2.11
  • Samba 4.2.12
    cpe:2.3:a:samba:samba:4.2.12
  • Samba 4.2.13
    cpe:2.3:a:samba:samba:4.2.13
  • Samba 4.2.14
    cpe:2.3:a:samba:samba:4.2.14
  • Samba 4.3.0
    cpe:2.3:a:samba:samba:4.3.0
  • Samba 4.3.1
    cpe:2.3:a:samba:samba:4.3.1
  • Samba 4.3.2
    cpe:2.3:a:samba:samba:4.3.2
  • Samba 4.3.3
    cpe:2.3:a:samba:samba:4.3.3
  • Samba 4.3.4
    cpe:2.3:a:samba:samba:4.3.4
  • Samba 4.3.5
    cpe:2.3:a:samba:samba:4.3.5
  • Samba 4.3.6
    cpe:2.3:a:samba:samba:4.3.6
  • Samba 4.3.7
    cpe:2.3:a:samba:samba:4.3.7
  • Samba 4.3.8
    cpe:2.3:a:samba:samba:4.3.8
  • Samba 4.3.9
    cpe:2.3:a:samba:samba:4.3.9
  • Samba 4.3.10
    cpe:2.3:a:samba:samba:4.3.10
  • Samba 4.3.11
    cpe:2.3:a:samba:samba:4.3.11
  • Samba 4.4.0 Release Candidate 1
    cpe:2.3:a:samba:samba:4.4.0:rc1
  • Samba 4.4.0 Release Candidate 2
    cpe:2.3:a:samba:samba:4.4.0:rc2
  • Samba 4.4.0 Release Candidate 3
    cpe:2.3:a:samba:samba:4.4.0:rc3
  • Samba 4.4.1
    cpe:2.3:a:samba:samba:4.4.1
  • Samba 4.4.2
    cpe:2.3:a:samba:samba:4.4.2
  • Samba 4.4.3
    cpe:2.3:a:samba:samba:4.4.3
  • Samba 4.4.4
    cpe:2.3:a:samba:samba:4.4.4
  • Samba 4.4.5
    cpe:2.3:a:samba:samba:4.4.5
  • Samba 4.4.6
    cpe:2.3:a:samba:samba:4.4.6
  • Samba 4.4.7
    cpe:2.3:a:samba:samba:4.4.7
  • Samba 4.4.8
    cpe:2.3:a:samba:samba:4.4.8
  • Samba 4.4.9
    cpe:2.3:a:samba:samba:4.4.9
  • Samba 4.4.10
    cpe:2.3:a:samba:samba:4.4.10
  • Samba 4.4.11
    cpe:2.3:a:samba:samba:4.4.11
  • Samba 4.4.12
    cpe:2.3:a:samba:samba:4.4.12
  • Samba 4.4.13
    cpe:2.3:a:samba:samba:4.4.13
  • Samba 4.5.0
    cpe:2.3:a:samba:samba:4.5.0
  • Samba 4.5.1
    cpe:2.3:a:samba:samba:4.5.1
  • Samba 4.5.2
    cpe:2.3:a:samba:samba:4.5.2
  • Samba 4.5.3
    cpe:2.3:a:samba:samba:4.5.3
  • Samba 4.5.4
    cpe:2.3:a:samba:samba:4.5.4
  • Samba 4.5.5
    cpe:2.3:a:samba:samba:4.5.5
  • Samba 4.5.6
    cpe:2.3:a:samba:samba:4.5.6
  • Samba 4.5.7
    cpe:2.3:a:samba:samba:4.5.7
  • Samba 4.5.8
    cpe:2.3:a:samba:samba:4.5.8
  • Samba 4.5.9
    cpe:2.3:a:samba:samba:4.5.9
  • Samba 4.6.0
    cpe:2.3:a:samba:samba:4.6.0
  • Samba 4.6.1
    cpe:2.3:a:samba:samba:4.6.1
  • Samba 4.6.2
    cpe:2.3:a:samba:samba:4.6.2
  • Samba 4.6.3
    cpe:2.3:a:samba:samba:4.6.3
  • Samba 4.6.5
    cpe:2.3:a:samba:samba:4.6.5
CVSS
Base: 10.0
Impact:
Exploitability:
CWE CWE-94
CAPEC
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
exploit-db via4
  • description Samba 3.5.0 - Remote Code Execution. CVE-2017-7494. Remote exploit for Linux platform
    file exploits/linux/remote/42060.py
    id EDB-ID:42060
    last seen 2017-05-25
    modified 2017-05-24
    platform linux
    port
    published 2017-05-24
    reporter Exploit-DB
    source https://www.exploit-db.com/download/42060/
    title Samba 3.5.0 - Remote Code Execution
    type remote
  • description Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit). CVE-2017-7494. Remote exploit for Linux platform. Tags: Metasploit Framework
    file exploits/linux/remote/42084.rb
    id EDB-ID:42084
    last seen 2017-05-30
    modified 2017-05-29
    platform linux
    port
    published 2017-05-29
    reporter Exploit-DB
    source https://www.exploit-db.com/download/42084/
    title Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)
    type remote
metasploit via4
description This module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some cases, anonymous access combined with common filesystem locations can be used to automatically exploit this vulnerability.
id MSF:EXPLOIT/LINUX/SAMBA/IS_KNOWN_PIPENAME
last seen 2018-09-01
modified 2018-08-10
published 2017-05-25
reliability Excellent
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/samba/is_known_pipename.rb
title Samba is_known_pipename() Arbitrary Module Load
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1390.NASL
    description An update for samba is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, Red Hat Enterprise Linux 6.7 Extended Update Support, and Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 100631
    published 2017-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100631
    title RHEL 6 / 7 : samba (RHSA-2017:1390) (SambaCry)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-618.NASL
    description This update for samba fixes the following issue : - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] This update was imported from SUSE:SLE-12-SP1:Update project. NOTE: This update is released in openSUSE Leap 42.1 after its official End Of Life only because of its severity and potential impact for users that have not migrated yet. Please upgrade your openSUSE Leap 42.1 as soon as possible.
    last seen 2018-09-02
    modified 2018-01-26
    plugin id 100499
    published 2017-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100499
    title openSUSE Security Update : samba (openSUSE-2017-618) (SambaCry)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-642A0ECA75.NASL
    description Security fix for CVE-2017-7494 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-02-01
    plugin id 100490
    published 2017-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100490
    title Fedora 25 : 2:samba (2017-642a0eca75) (SambaCry)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170524_SAMBA4_ON_SL6_X.NASL
    description Security Fix(es) : - A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494)
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 100402
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100402
    title Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (SambaCry)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1105.NASL
    description According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) - A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) - A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) - A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-10
    plugin id 100698
    published 2017-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100698
    title EulerOS 2.0 SP2 : samba (EulerOS-SA-2017-1105)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1272.NASL
    description From Red Hat Security Advisory 2017:1272 : An update for samba3x is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.
    last seen 2018-09-01
    modified 2018-07-24
    plugin id 100505
    published 2017-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100505
    title Oracle Linux 5 : samba3x (ELSA-2017-1272) (SambaCry)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3296-1.NASL
    description It was discovered that Samba incorrectly handled shared libraries. A remote attacker could use this flaw to upload a shared library to a writable share and execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-03
    plugin id 100411
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100411
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : samba vulnerability (USN-3296-1) (SambaCry)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6F4D96C0406211E7B291B499BAEBFEAF.NASL
    description The samba project reports : Remote code execution from a writable share. All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
    last seen 2018-09-01
    modified 2018-02-01
    plugin id 100393
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100393
    title FreeBSD : samba -- remote code execution vulnerability (6f4d96c0-4062-11e7-b291-b499baebfeaf) (SambaCry)
  • NASL family Misc.
    NASL id SAMBA_4_6_4.NASL
    description The version of Samba running on the remote host is 3.5.x prior to 4.4.x, or it is 4.4.x prior to 4.4.14, 4.5.x prior to 4.5.10, or 4.6.x prior to 4.6.4. It is, therefore, affected by an unspecified remote code execution vulnerability. An authenticated, remote attacker can exploit this, via a specially crafted shared library uploaded to a writable share, to cause the server to load and execute arbitrary code with root privileges. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2018-09-01
    modified 2018-07-30
    plugin id 100388
    published 2017-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100388
    title Samba 3.5.x < 4.4 / 4.4.x < 4.4.14 / 4.5.x < 4.5.10 / 4.6.x < 4.6.4 Shared Library RCE
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1270.NASL
    description An update for samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 100400
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100400
    title RHEL 6 / 7 : samba (RHSA-2017:1270) (SambaCry)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1272.NASL
    description An update for samba3x is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 100452
    published 2017-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100452
    title RHEL 5 : samba3x (RHSA-2017:1272) (SambaCry)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201805-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201805-07 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code, cause a Denial of Service condition, conduct a man-in-the-middle attack, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2018-09-01
    modified 2018-06-07
    plugin id 109974
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109974
    title GLSA-201805-07 : Samba: Multiple vulnerabilities (SambaCry)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-144-01.NASL
    description New samba packages are available for Slackware 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 100389
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100389
    title Slackware 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : samba (SSA:2017-144-01) (SambaCry)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1396-1.NASL
    description This update for samba fixes the following issue : - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-31
    plugin id 100407
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100407
    title SUSE SLES12 Security Update : samba (SUSE-SU-2017:1396-1) (SambaCry)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1392-1.NASL
    description This update for samba fixes the following issue : - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-07-31
    plugin id 100405
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100405
    title SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2017:1392-1) (SambaCry)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1393-1.NASL
    description This update for samba fixes the following issue : - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-07-31
    plugin id 100406
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100406
    title SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2017:1393-1) (SambaCry)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-C729C6123C.NASL
    description Security fix for CVE-2017-7494 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-02-02
    plugin id 101717
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101717
    title Fedora 26 : 2:samba (2017-c729c6123c) (SambaCry)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-613.NASL
    description This update for samba fixes the following issue : - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 100394
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100394
    title openSUSE Security Update : samba (openSUSE-2017-613) (SambaCry)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-570C0071C4.NASL
    description Security fix for CVE-2017-7494 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-02-01
    plugin id 100489
    published 2017-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100489
    title Fedora 24 : 2:samba (2017-570c0071c4) (SambaCry)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1273.NASL
    description An update for samba is now available for Red Hat Gluster Storage 3.2 for RHEL 6 and Red Hat Gluster Storage 3.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 100453
    published 2017-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100453
    title RHEL 6 / 7 : Storage Server (RHSA-2017:1273) (SambaCry)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170524_SAMBA_ON_SL6_X.NASL
    description Security Fix(es) : - A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494)
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 100403
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100403
    title Scientific Linux Security Update : samba on SL6.x, SL7.x i386/x86_64 (SambaCry)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3860.NASL
    description steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share, can take advantage of this flaw by uploading a shared library and then cause the server to load and execute it.
    last seen 2018-09-01
    modified 2018-07-10
    plugin id 100391
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100391
    title Debian DSA-3860-1 : samba - security update (SambaCry)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1271.NASL
    description From Red Hat Security Advisory 2017:1271 : An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.
    last seen 2018-09-01
    modified 2018-07-24
    plugin id 100397
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100397
    title Oracle Linux 6 : samba4 (ELSA-2017-1271) (SambaCry)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-1271.NASL
    description An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-06-29
    plugin id 101473
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101473
    title Virtuozzo 6 : samba4 / samba4-client / samba4-common / samba4-dc / etc (VZLSA-2017-1271)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3296-2.NASL
    description USN-3296-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Samba incorrectly handled shared libraries. A remote attacker could use this flaw to upload a shared library to a writable share and execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-08-03
    plugin id 100412
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100412
    title Ubuntu 12.04 LTS : samba vulnerability (USN-3296-2) (SambaCry)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-1270.NASL
    description An update for samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-06-29
    plugin id 101472
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101472
    title Virtuozzo 7 : ctdb / ctdb-tests / libsmbclient / etc (VZLSA-2017-1270)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA_10826.NASL
    description According to its self-reported version number, the version of Junos Space running on the remote device is < 17.1R1, and is therefore affected by multiple vulnerabilities.
    last seen 2018-09-01
    modified 2018-07-13
    plugin id 104100
    published 2017-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104100
    title Juniper Junos Space < 17.1R1 Multiple Vulnerabilities (JSA10826)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-834.NASL
    description A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619)
    last seen 2018-09-01
    modified 2018-04-18
    plugin id 100554
    published 2017-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100554
    title Amazon Linux AMI : samba (ALAS-2017-834) (SambaCry)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1270.NASL
    description From Red Hat Security Advisory 2017:1270 : An update for samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.
    last seen 2018-09-01
    modified 2018-07-24
    plugin id 100396
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100396
    title Oracle Linux 6 / 7 : samba (ELSA-2017-1270) (SambaCry)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1271.NASL
    description An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.
    last seen 2018-09-01
    modified 2018-07-02
    plugin id 100429
    published 2017-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100429
    title CentOS 6 : samba4 (CESA-2017:1271) (SambaCry)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-951.NASL
    description steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share, can take advantage of this flaw by uploading a shared library and then cause the server to load and execute it. For Debian 7 'Wheezy', these problems have been fixed in version 2:3.6.6-6+deb7u13. We recommend that you upgrade your samba packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-09
    plugin id 100390
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100390
    title Debian DLA-951-1 : samba security update (SambaCry)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1270.NASL
    description An update for samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.
    last seen 2018-09-01
    modified 2018-01-25
    plugin id 100428
    published 2017-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100428
    title CentOS 6 / 7 : samba (CESA-2017:1270) (SambaCry)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1271.NASL
    description An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 100401
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100401
    title RHEL 6 : samba4 (RHSA-2017:1271) (SambaCry)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1391-1.NASL
    description This update for samba fixes the following issue : - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-31
    plugin id 100404
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100404
    title SUSE SLES11 Security Update : samba (SUSE-SU-2017:1391-1) (SambaCry)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1104.NASL
    description According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) - A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) - A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) - A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-08-10
    plugin id 100697
    published 2017-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100697
    title EulerOS 2.0 SP1 : samba (EulerOS-SA-2017-1104)
packetstorm via4
redhat via4
advisories
  • bugzilla
    id 1450347
    title CVE-2017-7494 samba: Loading shared modules from any path in the system leading to RCE (SambaCry)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhsa:tst:20140675001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhsa:tst:20140675002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20140675003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20140675004
      • OR
        • AND
          • comment ctdb is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270025
          • comment ctdb is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160006014
        • AND
          • comment ctdb-tests is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270051
          • comment ctdb-tests is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160006036
        • AND
          • comment libsmbclient is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270017
          • comment libsmbclient is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860012
        • AND
          • comment libsmbclient-devel is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270007
          • comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860022
        • AND
          • comment libwbclient is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270047
          • comment libwbclient is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867026
        • AND
          • comment libwbclient-devel is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270013
          • comment libwbclient-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867008
        • AND
          • comment samba is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270037
          • comment samba is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860006
        • AND
          • comment samba-client is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270005
          • comment samba-client is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860014
        • AND
          • comment samba-client-libs is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270031
          • comment samba-client-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160006044
        • AND
          • comment samba-common is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270053
          • comment samba-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860016
        • AND
          • comment samba-common-libs is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270029
          • comment samba-common-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160006012
        • AND
          • comment samba-common-tools is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270043
          • comment samba-common-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160006016
        • AND
          • comment samba-dc is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270049
          • comment samba-dc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867028
        • AND
          • comment samba-dc-libs is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270027
          • comment samba-dc-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867014
        • AND
          • comment samba-devel is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270019
          • comment samba-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867020
        • AND
          • comment samba-krb5-printing is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270023
          • comment samba-krb5-printing is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20171265006
        • AND
          • comment samba-libs is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270015
          • comment samba-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867024
        • AND
          • comment samba-pidl is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270055
          • comment samba-pidl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867022
        • AND
          • comment samba-python is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270039
          • comment samba-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867010
        • AND
          • comment samba-test is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270035
          • comment samba-test is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867040
        • AND
          • comment samba-test-libs is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270033
          • comment samba-test-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160006028
        • AND
          • comment samba-vfs-glusterfs is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270041
          • comment samba-vfs-glusterfs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867044
        • AND
          • comment samba-winbind is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270021
          • comment samba-winbind is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860010
        • AND
          • comment samba-winbind-clients is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270011
          • comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860020
        • AND
          • comment samba-winbind-krb5-locator is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270045
          • comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111221018
        • AND
          • comment samba-winbind-modules is earlier than 0:4.4.4-14.el7_3
            oval oval:com.redhat.rhsa:tst:20171270009
          • comment samba-winbind-modules is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867016
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment libsmbclient is earlier than 0:3.6.23-43.el6_9
            oval oval:com.redhat.rhsa:tst:20171270065
          • comment libsmbclient is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860012
        • AND
          • comment libsmbclient-devel is earlier than 0:3.6.23-43.el6_9
            oval oval:com.redhat.rhsa:tst:20171270063
          • comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860022
        • AND
          • comment samba is earlier than 0:3.6.23-43.el6_9
            oval oval:com.redhat.rhsa:tst:20171270064
          • comment samba is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860006
        • AND
          • comment samba-client is earlier than 0:3.6.23-43.el6_9
            oval oval:com.redhat.rhsa:tst:20171270066
          • comment samba-client is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860014
        • AND
          • comment samba-common is earlier than 0:3.6.23-43.el6_9
            oval oval:com.redhat.rhsa:tst:20171270071
          • comment samba-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860016
        • AND
          • comment samba-doc is earlier than 0:3.6.23-43.el6_9
            oval oval:com.redhat.rhsa:tst:20171270072
          • comment samba-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860026
        • AND
          • comment samba-domainjoin-gui is earlier than 0:3.6.23-43.el6_9
            oval oval:com.redhat.rhsa:tst:20171270061
          • comment samba-domainjoin-gui is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860024
        • AND
          • comment samba-glusterfs is earlier than 0:3.6.23-43.el6_9
            oval oval:com.redhat.rhsa:tst:20171270077
          • comment samba-glusterfs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150251030
        • AND
          • comment samba-swat is earlier than 0:3.6.23-43.el6_9
            oval oval:com.redhat.rhsa:tst:20171270074
          • comment samba-swat is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860008
        • AND
          • comment samba-winbind is earlier than 0:3.6.23-43.el6_9
            oval oval:com.redhat.rhsa:tst:20171270070
          • comment samba-winbind is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860010
        • AND
          • comment samba-winbind-clients is earlier than 0:3.6.23-43.el6_9
            oval oval:com.redhat.rhsa:tst:20171270076
          • comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860020
        • AND
          • comment samba-winbind-devel is earlier than 0:3.6.23-43.el6_9
            oval oval:com.redhat.rhsa:tst:20171270068
          • comment samba-winbind-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860018
        • AND
          • comment samba-winbind-krb5-locator is earlier than 0:3.6.23-43.el6_9
            oval oval:com.redhat.rhsa:tst:20171270067
          • comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111221018
    rhsa
    id RHSA-2017:1270
    released 2017-05-24
    severity Important
    title RHSA-2017:1270: samba security update (Important)
  • bugzilla
    id 1450347
    title CVE-2017-7494 samba: Loading shared modules from any path in the system leading to RCE (SambaCry)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment samba4 is earlier than 0:4.2.10-10.el6_9
          oval oval:com.redhat.rhsa:tst:20171271021
        • comment samba4 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506006
      • AND
        • comment samba4-client is earlier than 0:4.2.10-10.el6_9
          oval oval:com.redhat.rhsa:tst:20171271017
        • comment samba4-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506014
      • AND
        • comment samba4-common is earlier than 0:4.2.10-10.el6_9
          oval oval:com.redhat.rhsa:tst:20171271023
        • comment samba4-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506022
      • AND
        • comment samba4-dc is earlier than 0:4.2.10-10.el6_9
          oval oval:com.redhat.rhsa:tst:20171271019
        • comment samba4-dc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506020
      • AND
        • comment samba4-dc-libs is earlier than 0:4.2.10-10.el6_9
          oval oval:com.redhat.rhsa:tst:20171271015
        • comment samba4-dc-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506028
      • AND
        • comment samba4-devel is earlier than 0:4.2.10-10.el6_9
          oval oval:com.redhat.rhsa:tst:20171271025
        • comment samba4-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506026
      • AND
        • comment samba4-libs is earlier than 0:4.2.10-10.el6_9
          oval oval:com.redhat.rhsa:tst:20171271007
        • comment samba4-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506010
      • AND
        • comment samba4-pidl is earlier than 0:4.2.10-10.el6_9
          oval oval:com.redhat.rhsa:tst:20171271027
        • comment samba4-pidl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506032
      • AND
        • comment samba4-python is earlier than 0:4.2.10-10.el6_9
          oval oval:com.redhat.rhsa:tst:20171271011
        • comment samba4-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506030
      • AND
        • comment samba4-test is earlier than 0:4.2.10-10.el6_9
          oval oval:com.redhat.rhsa:tst:20171271013
        • comment samba4-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506008
      • AND
        • comment samba4-winbind is earlier than 0:4.2.10-10.el6_9
          oval oval:com.redhat.rhsa:tst:20171271029
        • comment samba4-winbind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506024
      • AND
        • comment samba4-winbind-clients is earlier than 0:4.2.10-10.el6_9
          oval oval:com.redhat.rhsa:tst:20171271005
        • comment samba4-winbind-clients is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506012
      • AND
        • comment samba4-winbind-krb5-locator is earlier than 0:4.2.10-10.el6_9
          oval oval:com.redhat.rhsa:tst:20171271009
        • comment samba4-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506018
    rhsa
    id RHSA-2017:1271
    released 2017-05-24
    severity Important
    title RHSA-2017:1271: samba4 security update (Important)
  • rhsa
    id RHSA-2017:1272
  • rhsa
    id RHSA-2017:1273
  • rhsa
    id RHSA-2017:1390
rpms
  • ctdb-0:4.4.4-14.el7_3
  • ctdb-tests-0:4.4.4-14.el7_3
  • libsmbclient-0:4.4.4-14.el7_3
  • libsmbclient-devel-0:4.4.4-14.el7_3
  • libwbclient-0:4.4.4-14.el7_3
  • libwbclient-devel-0:4.4.4-14.el7_3
  • samba-0:4.4.4-14.el7_3
  • samba-client-0:4.4.4-14.el7_3
  • samba-client-libs-0:4.4.4-14.el7_3
  • samba-common-0:4.4.4-14.el7_3
  • samba-common-libs-0:4.4.4-14.el7_3
  • samba-common-tools-0:4.4.4-14.el7_3
  • samba-dc-0:4.4.4-14.el7_3
  • samba-dc-libs-0:4.4.4-14.el7_3
  • samba-devel-0:4.4.4-14.el7_3
  • samba-krb5-printing-0:4.4.4-14.el7_3
  • samba-libs-0:4.4.4-14.el7_3
  • samba-pidl-0:4.4.4-14.el7_3
  • samba-python-0:4.4.4-14.el7_3
  • samba-test-0:4.4.4-14.el7_3
  • samba-test-libs-0:4.4.4-14.el7_3
  • samba-vfs-glusterfs-0:4.4.4-14.el7_3
  • samba-winbind-0:4.4.4-14.el7_3
  • samba-winbind-clients-0:4.4.4-14.el7_3
  • samba-winbind-krb5-locator-0:4.4.4-14.el7_3
  • samba-winbind-modules-0:4.4.4-14.el7_3
  • libsmbclient-0:3.6.23-43.el6_9
  • libsmbclient-devel-0:3.6.23-43.el6_9
  • samba-0:3.6.23-43.el6_9
  • samba-client-0:3.6.23-43.el6_9
  • samba-common-0:3.6.23-43.el6_9
  • samba-doc-0:3.6.23-43.el6_9
  • samba-domainjoin-gui-0:3.6.23-43.el6_9
  • samba-glusterfs-0:3.6.23-43.el6_9
  • samba-swat-0:3.6.23-43.el6_9
  • samba-winbind-0:3.6.23-43.el6_9
  • samba-winbind-clients-0:3.6.23-43.el6_9
  • samba-winbind-devel-0:3.6.23-43.el6_9
  • samba-winbind-krb5-locator-0:3.6.23-43.el6_9
  • samba4-0:4.2.10-10.el6_9
  • samba4-client-0:4.2.10-10.el6_9
  • samba4-common-0:4.2.10-10.el6_9
  • samba4-dc-0:4.2.10-10.el6_9
  • samba4-dc-libs-0:4.2.10-10.el6_9
  • samba4-devel-0:4.2.10-10.el6_9
  • samba4-libs-0:4.2.10-10.el6_9
  • samba4-pidl-0:4.2.10-10.el6_9
  • samba4-python-0:4.2.10-10.el6_9
  • samba4-test-0:4.2.10-10.el6_9
  • samba4-winbind-0:4.2.10-10.el6_9
  • samba4-winbind-clients-0:4.2.10-10.el6_9
  • samba4-winbind-krb5-locator-0:4.2.10-10.el6_9
refmap via4
bid 98636
confirm
debian DSA-3860
misc https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01
sectrack 1038552
saint via4
bid 98636
description Samba shared library upload and execution
id win_samba
title samba_shared_library_upload
type remote
the hacker news via4
Last major update 30-05-2017 - 14:29
Published 30-05-2017 - 14:29
Last modified 21-10-2018 - 06:29
Back to Top