CVE-2017-7494

General

Score: 10.0/10.0
Severity: High
Category: Input Validation Error
Exploit: Available

Impact Metrics

Confidentiality: Complete
Integrity: Complete
Availability: Complete

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2008-1105, CVE-2008-3789, CVE-2008-4314, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948, CVE-2009-3297, CVE-2010-0728, CVE-2010-3069, CVE-2011-0719, CVE-2011-2522, CVE-2011-2694, CVE-2012-0817, CVE-2012-1182, CVE-2012-2111, CVE-2012-6150, CVE-2013-0172, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2013-6442, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2014-3560, CVE-2015-0240, CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-5370, CVE-2015-7560, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, CVE-2016-2119, CVE-2016-2125, CVE-2016-2126, CVE-2017-12150, CVE-2017-12151, CVE-2017-12163, CVE-2017-14746, CVE-2017-15275, CVE-2017-2619, CVE-2018-1050, CVE-2018-10858, CVE-2018-1139

Published on 30/05/17 - Updated on 21/10/18

Description

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution: a malicious client can upload a shared library to a writable share and then cause the server to load and execute it.

Category: Input Validation Error

CWE-94 (Code Injection)
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Security Notices

US National Vulnerability Database CVE-2017-7494
Amazon Linux ALAS-2017-834
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2017-AVI-165, CERTFR-2017-AVI-365, CERTFR-2018-AVI-172
Arch Linux ASA-201705-22
CentOS CESA-2017:1270, CESA-2017:1271
Debian DSA-3860-1
Debian LTS DLA-951-1
Oracle Linux ELSA-2017-1270, ELSA-2017-1271, ELSA-2017-1272, ELSA-2017-1950, ELSA-2018-1860, ELSA-2018-3056
Redhat RHSA-2017:1270, RHSA-2017:1271, RHSA-2017:1272, RHSA-2017:1273, RHSA-2017:1390
Renater 2017/VULN163
SUSE SUSE-SU-2017:1391, SUSE-SU-2017:1392, SUSE-SU-2017:1393, SUSE-SU-2017:1396
Ubuntu USN-3296-1, USN-3296-2

Exploits

Exploit-DB EDB-42060, EDB-42084
SecurityFocus BID-98636

Related technologies

Vendor: samba
Product: samba
