CVE-2017-7494
critical-risk
Published 2017-05-30
Samba versions since 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 are vulnerable to remote code execution: a malicious client can upload a shared library to a writable share and then cause the server to load and execute it.
Do I need to act?
94.2% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Products (2)
References (33)
Third Party Advisory
http://www.debian.org/security/2017/dsa-3860
Third Party Advisory
http://www.securityfocus.com/bid/98636
Third Party Advisory
http://www.securitytracker.com/id/1038552
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1270
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1271
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1272
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1273
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1390
Third Party Advisory
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_Fi...
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na...
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na...
Third Party Advisory
https://security.gentoo.org/glsa/201805-07
Third Party Advisory
https://security.netapp.com/advisory/ntap-20170524-0001/
Third Party Advisory
https://www.exploit-db.com/exploits/42060/
Third Party Advisory
https://www.exploit-db.com/exploits/42084/
and 13 more references
73 / 100
critical-risk
Severity
32/34 · Critical
Exploitability
34/34 · Critical
Exposure
7/34 · Low