CVE-2017-7494

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.debian.org/security/2017/dsa-3860	Third Party Advisory
http://www.securityfocus.com/bid/98636	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038552	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1270	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1271	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1272	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1273	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1390	Third Party Advisory
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01	Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us	Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us	Third Party Advisory
https://security.gentoo.org/glsa/201805-07	Third Party Advisory
https://security.netapp.com/advisory/ntap-20170524-0001/	Third Party Advisory
https://www.exploit-db.com/exploits/42060/	Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42084/	Third Party Advisory VDB Entry
https://www.samba.org/samba/security/CVE-2017-7494.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

History

16 Aug 2022, 13:02

Information

Published : 2017-05-30 18:29

Updated : 2024-02-04 19:29

NVD link : CVE-2017-7494

Mitre link : CVE-2017-7494

CVE.ORG link : CVE-2017-7494

JSON object : View

Products Affected

samba

samba

debian

debian_linux

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Type	Values Removed	Values Added
CPE	cpe:2.3:a:samba:samba:4.3.7:::::::* cpe:2.3:a:samba:samba:4.2.11:::::::* cpe:2.3:a:samba:samba:4.4.9:::::::* cpe:2.3:a:samba:samba:4.0.11:::::::* cpe:2.3:a:samba:samba:4.2.3:::::::* cpe:2.3:a:samba:samba:4.2.10:::::::* cpe:2.3:a:samba:samba:4.0.16:::::::* cpe:2.3:a:samba:samba:4.0.12:::::::* cpe:2.3:a:samba:samba:3.6.24:::::::* cpe:2.3:a:samba:samba:4.0.17:::::::* cpe:2.3:a:samba:samba:4.3.0:::::::* cpe:2.3:a:samba:samba:4.0.3:::::::* cpe:2.3:a:samba:samba:4.0.13:::::::* cpe:2.3:a:samba:samba:4.4.0:rc3:::::: cpe:2.3:a:samba:samba:4.2.9:::::::* cpe:2.3:a:samba:samba:3.6.20:::::::* cpe:2.3:a:samba:samba:4.1.15:::::::* cpe:2.3:a:samba:samba:3.5.12:::::::* cpe:2.3:a:samba:samba:3.6.18:::::::* cpe:2.3:a:samba:samba:3.5.20:::::::* cpe:2.3:a:samba:samba:4.5.0:::::::* cpe:2.3:a:samba:samba:3.6.17:::::::* cpe:2.3:a:samba:samba:4.0.8:::::::* cpe:2.3:a:samba:samba:4.4.13:::::::* cpe:2.3:a:samba:samba:3.6.22:::::::* cpe:2.3:a:samba:samba:4.2.7:::::::* cpe:2.3:a:samba:samba:4.1.18:::::::* cpe:2.3:a:samba:samba:4.0.0:::::::* cpe:2.3:a:samba:samba:4.3.4:::::::* cpe:2.3:a:samba:samba:4.3.8:::::::* cpe:2.3:a:samba:samba:4.6.3:::::::* cpe:2.3:a:samba:samba:4.1.2:::::::* cpe:2.3:a:samba:samba:4.1.13:::::::* cpe:2.3:a:samba:samba:3.6.21:::::::* cpe:2.3:a:samba:samba:4.1.23:::::::* cpe:2.3:a:samba:samba:4.6.5:::::::* cpe:2.3:a:samba:samba:3.5.15:::::::* cpe:2.3:a:samba:samba:4.2.8:::::::* cpe:2.3:a:samba:samba:3.5.0:::::::* cpe:2.3:a:samba:samba:4.1.19:::::::* cpe:2.3:a:samba:samba:4.2.0:rc2:::::: cpe:2.3:a:samba:samba:4.2.0:rc4:::::: cpe:2.3:a:samba:samba:4.0.26:::::::* cpe:2.3:a:samba:samba:4.1.8:::::::* cpe:2.3:a:samba:samba:4.1.11:::::::* cpe:2.3:a:samba:samba:3.5.10:::::::* cpe:2.3:a:samba:samba:4.0.6:::::::* cpe:2.3:a:samba:samba:3.6.15:::::::* cpe:2.3:a:samba:samba:3.6.3:::::::* cpe:2.3:a:samba:samba:3.6.14:::::::* cpe:2.3:a:samba:samba:4.6.0:::::::* cpe:2.3:a:samba:samba:4.0.9:::::::* cpe:2.3:a:samba:samba:4.0.20:::::::* cpe:2.3:a:samba:samba:4.5.2:::::::* cpe:2.3:a:samba:samba:4.5.6:::::::* cpe:2.3:a:samba:samba:4.4.5:::::::* cpe:2.3:a:samba:samba:4.2.4:::::::* cpe:2.3:a:samba:samba:4.4.12:::::::* cpe:2.3:a:samba:samba:4.0.22:::::::* cpe:2.3:a:samba:samba:4.0.18:::::::* cpe:2.3:a:samba:samba:3.5.13:::::::* cpe:2.3:a:samba:samba:4.0.19:::::::* cpe:2.3:a:samba:samba:4.2.12:::::::* cpe:2.3:a:samba:samba:3.5.8:::::::* cpe:2.3:a:samba:samba:3.6.12:::::::* cpe:2.3:a:samba:samba:4.5.1:::::::* cpe:2.3:a:samba:samba:4.1.21:::::::* cpe:2.3:a:samba:samba:4.0.1:::::::* cpe:2.3:a:samba:samba:4.0.2:::::::* cpe:2.3:a:samba:samba:4.4.0:rc2:::::: cpe:2.3:a:samba:samba:3.6.1:::::::* cpe:2.3:a:samba:samba:4.2.13:::::::* cpe:2.3:a:samba:samba:3.5.16:::::::* cpe:2.3:a:samba:samba:3.6.2:::::::* cpe:2.3:a:samba:samba:4.0.25:::::::* cpe:2.3:a:samba:samba:4.1.7:::::::* cpe:2.3:a:samba:samba:4.1.16:::::::* cpe:2.3:a:samba:samba:4.4.10:::::::* cpe:2.3:a:samba:samba:4.4.11:::::::* cpe:2.3:a:samba:samba:4.5.8:::::::* cpe:2.3:a:samba:samba:3.6.23:::::::* cpe:2.3:a:samba:samba:3.6.11:::::::* cpe:2.3:a:samba:samba:3.6.6:::::::* cpe:2.3:a:samba:samba:4.4.3:::::::* cpe:2.3:a:samba:samba:3.6.13:::::::* cpe:2.3:a:samba:samba:4.1.22:::::::* cpe:2.3:a:samba:samba:3.6.25:::::::* cpe:2.3:a:samba:samba:4.1.1:::::::* cpe:2.3:a:samba:samba:4.1.4:::::::* cpe:2.3:a:samba:samba:4.5.5:::::::* cpe:2.3:a:samba:samba:4.5.3:::::::* cpe:2.3:a:samba:samba:4.4.4:::::::* cpe:2.3:a:samba:samba:4.2.2:::::::* cpe:2.3:a:samba:samba:3.6.4:::::::* cpe:2.3:a:samba:samba:3.6.16:::::::* cpe:2.3:a:samba:samba:4.1.6:::::::* cpe:2.3:a:samba:samba:3.5.14:::::::* cpe:2.3:a:samba:samba:4.3.2:::::::* cpe:2.3:a:samba:samba:3.5.17:::::::* cpe:2.3:a:samba:samba:3.5.6:::::::* cpe:2.3:a:samba:samba:4.1.12:::::::* cpe:2.3:a:samba:samba:4.4.0:rc1:::::: cpe:2.3:a:samba:samba:3.6.9:::::::* cpe:2.3:a:samba:samba:3.6.10:::::::* cpe:2.3:a:samba:samba:4.1.20:::::::* cpe:2.3:a:samba:samba:3.5.5:::::::* cpe:2.3:a:samba:samba:4.1.9:::::::* cpe:2.3:a:samba:samba:3.6.19:::::::* cpe:2.3:a:samba:samba:4.5.9:::::::* cpe:2.3:a:samba:samba:4.2.1:::::::* cpe:2.3:a:samba:samba:4.5.4:::::::* cpe:2.3:a:samba:samba:4.3.1:::::::* cpe:2.3:a:samba:samba:4.6.1:::::::* cpe:2.3:a:samba:samba:4.3.9:::::::* cpe:2.3:a:samba:samba:4.0.7:::::::* cpe:2.3:a:samba:samba:3.5.1:::::::* cpe:2.3:a:samba:samba:4.5.7:::::::* cpe:2.3:a:samba:samba:3.5.22:::::::* cpe:2.3:a:samba:samba:4.1.17:::::::* cpe:2.3:a:samba:samba:3.5.9:::::::* cpe:2.3:a:samba:samba:3.5.2:::::::* cpe:2.3:a:samba:samba:4.0.10:::::::* cpe:2.3:a:samba:samba:4.3.3:::::::* cpe:2.3:a:samba:samba:3.5.3:::::::* cpe:2.3:a:samba:samba:4.2.5:::::::* cpe:2.3:a:samba:samba:4.4.6:::::::* cpe:2.3:a:samba:samba:3.5.18:::::::* cpe:2.3:a:samba:samba:3.5.21:::::::* cpe:2.3:a:samba:samba:4.3.10:::::::* cpe:2.3:a:samba:samba:4.0.21:::::::* cpe:2.3:a:samba:samba:3.5.11:::::::* cpe:2.3:a:samba:samba:4.4.2:::::::* cpe:2.3:a:samba:samba:4.6.2:::::::* cpe:2.3:a:samba:samba:3.6.8:::::::* cpe:2.3:a:samba:samba:4.0.14:::::::* cpe:2.3:a:samba:samba:4.0.15:::::::* cpe:2.3:a:samba:samba:4.2.14:::::::* cpe:2.3:a:samba:samba:4.1.10:::::::* cpe:2.3:a:samba:samba:4.3.6:::::::* cpe:2.3:a:samba:samba:4.2.6:::::::* cpe:2.3:a:samba:samba:4.1.5:::::::* cpe:2.3:a:samba:samba:4.0.4:::::::* cpe:2.3:a:samba:samba:4.1.3:::::::* cpe:2.3:a:samba:samba:4.0.5:::::::* cpe:2.3:a:samba:samba:4.4.1:::::::* cpe:2.3:a:samba:samba:3.5.19:::::::* cpe:2.3:a:samba:samba:4.2.0:rc1:::::: cpe:2.3:a:samba:samba:3.6.5:::::::* cpe:2.3:a:samba:samba:4.4.8:::::::* cpe:2.3:a:samba:samba:4.0.24:::::::* cpe:2.3:a:samba:samba:4.2.0:rc3:::::: cpe:2.3:a:samba:samba:4.1.0:::::::* cpe:2.3:a:samba:samba:4.0.23:::::::* cpe:2.3:a:samba:samba:3.6.7:::::::* cpe:2.3:a:samba:samba:3.5.7:::::::* cpe:2.3:a:samba:samba:4.4.7:::::::* cpe:2.3:a:samba:samba:4.3.5:::::::* cpe:2.3:a:samba:samba:3.5.4:::::::* cpe:2.3:a:samba:samba:4.3.11:::::::* cpe:2.3:a:samba:samba:4.1.14:::::::* cpe:2.3:a:samba:samba:3.6.0:::::::*	cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:a:samba:samba::::::::
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1273 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:1273 - Third Party Advisory
References	~~(GENTOO) https://security.gentoo.org/glsa/201805-07 -~~	(GENTOO) https://security.gentoo.org/glsa/201805-07 - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1270 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:1270 - Third Party Advisory
References	~~(CONFIRM) https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us -~~	(CONFIRM) https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1390 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:1390 - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1272 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:1272 - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1271 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:1271 - Third Party Advisory
References	~~(EXPLOIT-DB) https://www.exploit-db.com/exploits/42084/ -~~	(EXPLOIT-DB) https://www.exploit-db.com/exploits/42084/ - Third Party Advisory, VDB Entry
References	~~(SECTRACK) http://www.securitytracker.com/id/1038552 -~~	(SECTRACK) http://www.securitytracker.com/id/1038552 - Third Party Advisory, VDB Entry
References	~~(DEBIAN) http://www.debian.org/security/2017/dsa-3860 -~~	(DEBIAN) http://www.debian.org/security/2017/dsa-3860 - Third Party Advisory
References	~~(MISC) https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01 -~~	(MISC) https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01 - Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20170524-0001/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20170524-0001/ - Third Party Advisory
References	~~(CONFIRM) https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us -~~	(CONFIRM) https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us - Third Party Advisory
References	~~(EXPLOIT-DB) https://www.exploit-db.com/exploits/42060/ -~~	(EXPLOIT-DB) https://www.exploit-db.com/exploits/42060/ - Third Party Advisory, VDB Entry

9.8 /10