Samba > 3.5.0 Remote Code Execution (CVE-2017-7494)

May 25, 2017

Summary

The samba team has released a patch for a Remote Code Execution bug that affects all versions between 3.5.0 and 4.6.3/4.5.9/4.4.13. This vulnerability will allow a malicious attacker to upload a library to a writable share then cause the server to execute that library. [1] Patches are available from the samba.org. [2]

Impact

Attackers can execute arbitrary code remotely by exploiting this vulnerability.

Vulnerable

  • Samba 3.5.X
  • Samba 3.6.X
  • Samba 4.0.X
  • Samba 4.1.X
  • Samba 4.2.X
  • Samba 4.3.X
  • Samba 4.4.X prior to 4.4.14
  • Samba 4.5.X prior to 4.5.10
  • Samba 4.6.X prior to 4.6.4
  • Storage or multifunction devices where the vendor utilized any of the above versions of Samba

Recommendations

  • Apply patches for any installed versions
  • Employ the work around [3]
  • Check with vendors for any network storage or multifunction devices that utilize Samba

References