CVE-2017-14746

General

Score: 7.5/10.0
Severity: High
Category: Resource Management Error

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2008-1105, CVE-2008-3789, CVE-2008-4314, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948, CVE-2010-0728, CVE-2012-0817, CVE-2012-1182, CVE-2012-2111, CVE-2012-6150, CVE-2013-0172, CVE-2013-0213, CVE-2013-0214, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2013-6442, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2014-3560, CVE-2015-0240, CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5370, CVE-2015-7560, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, CVE-2016-2119, CVE-2017-12150, CVE-2017-12151, CVE-2017-12163, CVE-2017-15275, CVE-2017-2619, CVE-2017-7494, CVE-2018-1050, CVE-2018-10858, CVE-2018-1139

Published on 27/11/17 - Updated on 21/10/18

Description

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

Category: Resource Management Error

CWE-416 (Use After Free)
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Security Notices

US National Vulnerability Database CVE-2017-14746
Amazon Linux ALAS-2017-933
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2017-AVI-425
Arch Linux ASA-201712-1
CentOS CESA-2017:3260, CESA-2017:3278
Debian DSA-4043-1
Oracle Linux ELSA-2017-3260, ELSA-2017-3278, ELSA-2018-3056
Red Hat RHSA-2017:3260, RHSA-2017:3261, RHSA-2017:3278
Renater 2017/VULN359
SUSE SUSE-SU-2017:3086, SUSE-SU-2017:3104, SUSE-SU-2017:3155, SUSE-SU-2018:2321
Ubuntu USN-3486-1

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor      Product
canonical   ubuntu_linux
debian      debian_linux
redhat      enterprise_linux_desktop
redhat      enterprise_linux_server
redhat      enterprise_linux_workstation
samba       samba