CVE-2017-7494

CVE-2017-7494

Name

CVE-2017-7494

Description

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Third Party Advisory	http://www.debian.org/security/2017/dsa-3860
Third Party Advisory	http://www.securityfocus.com/bid/98636
Third Party Advisory	http://www.securitytracker.com/id/1038552
Third Party Advisory	https://access.redhat.com/errata/RHSA-2017:1270
Third Party Advisory	https://access.redhat.com/errata/RHSA-2017:1271
Third Party Advisory	https://access.redhat.com/errata/RHSA-2017:1272
Third Party Advisory	https://access.redhat.com/errata/RHSA-2017:1273
Third Party Advisory	https://access.redhat.com/errata/RHSA-2017:1390
Third Party Advisory	https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01
Third Party Advisory	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
Third Party Advisory	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us
Third Party Advisory	https://security.gentoo.org/glsa/201805-07
Third Party Advisory	https://security.netapp.com/advisory/ntap-20170524-0001/
Third Party Advisory	https://www.exploit-db.com/exploits/42060/
Third Party Advisory	https://www.exploit-db.com/exploits/42084/
Patch	https://www.samba.org/samba/security/CVE-2017-7494.html

Type

URI

Third Party Advisory

http://www.debian.org/security/2017/dsa-3860

Third Party Advisory

http://www.securityfocus.com/bid/98636

Third Party Advisory

http://www.securitytracker.com/id/1038552

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:1270

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:1271

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:1272

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:1273

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:1390

Third Party Advisory

https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01

Third Party Advisory

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us

Third Party Advisory

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us

Third Party Advisory

https://security.gentoo.org/glsa/201805-07

Third Party Advisory

https://security.netapp.com/advisory/ntap-20170524-0001/

Third Party Advisory

https://www.exploit-db.com/exploits/42060/

Third Party Advisory

https://www.exploit-db.com/exploits/42084/

Patch

https://www.samba.org/samba/security/CVE-2017-7494.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:samba:samba::::::::`	samba	>= 3.5.0	< 4.4.0
`cpe:2.3:a:samba:samba::::::::`	samba	>= 4.4.0	< 4.4.14
`cpe:2.3:a:samba:samba::::::::`	samba	>= 4.5.0	< 4.5.10
`cpe:2.3:a:samba:samba::::::::`	samba	>= 4.6.0	< 4.6.4

CPE URI

Source package

Min version

Max version

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

samba

>= 3.5.0

< 4.4.0

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

samba

>= 4.4.0

< 4.4.14

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

samba

>= 4.5.0

< 4.5.10

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

samba

>= 4.6.0

< 4.6.4

References

Match rules

Vulnerable and fixed packages