CVE-2017-7494 - Vulnerability Details

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since March 30, 2023.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Debian	Debian Linux
Redhat	Enterprise Linux Rhel Aus Rhel Els Rhel Eus Rhel Mission Critical Rhel Tus Storage
Samba	Samba

Configuration 1 [-]

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5 Extended Lifecycle Support
samba3x-0:3.6.23-14.el5_11	cpe:/o:redhat:rhel_els:5	RHSA-2017:1272	2017-05-24T00:00:00Z
Red Hat Enterprise Linux 6
samba-0:3.6.23-43.el6_9	cpe:/o:redhat:enterprise_linux:6	RHSA-2017:1270	2017-05-24T00:00:00Z
samba4-0:4.2.10-10.el6_9	cpe:/o:redhat:enterprise_linux:6	RHSA-2017:1271	2017-05-24T00:00:00Z
Red Hat Enterprise Linux 6.2 Advanced Update Support
samba-0:3.6.23-32.el6_2	cpe:/o:redhat:rhel_mission_critical:6.2	RHSA-2017:1390	2017-06-05T00:00:00Z
Red Hat Enterprise Linux 6.4 Advanced Update Support
samba-0:3.6.23-32.el6_4	cpe:/o:redhat:rhel_aus:6.4	RHSA-2017:1390	2017-06-05T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
samba-0:3.6.23-32.el6_5	cpe:/o:redhat:rhel_aus:6.5	RHSA-2017:1390	2017-06-05T00:00:00Z
Red Hat Enterprise Linux 6.5 Telco Extended Update Support
samba-0:3.6.23-32.el6_5	cpe:/o:redhat:rhel_tus:6.5	RHSA-2017:1390	2017-06-05T00:00:00Z
Red Hat Enterprise Linux 6.6 Advanced Update Support
samba-0:3.6.23-32.el6_6	cpe:/o:redhat:rhel_aus:6.6	RHSA-2017:1390	2017-06-05T00:00:00Z
Red Hat Enterprise Linux 6.6 Telco Extended Update Support
samba-0:3.6.23-32.el6_6	cpe:/o:redhat:rhel_tus:6.6	RHSA-2017:1390	2017-06-05T00:00:00Z
Red Hat Enterprise Linux 6.7 Extended Update Support
samba-0:3.6.23-32.el6_7	cpe:/o:redhat:rhel_eus:6.7	RHSA-2017:1390	2017-06-05T00:00:00Z
Red Hat Enterprise Linux 7
samba-0:4.4.4-14.el7_3	cpe:/o:redhat:enterprise_linux:7	RHSA-2017:1270	2017-05-24T00:00:00Z
Red Hat Enterprise Linux 7.2 Extended Update Support
samba-0:4.2.10-11.el7_2	cpe:/o:redhat:rhel_eus:7.1	RHSA-2017:1390	2017-06-05T00:00:00Z
Red Hat Gluster Storage 3.2 for RHEL 6
samba-0:4.4.6-5.el6rhs	cpe:/a:redhat:storage:3.2:samba:el6	RHSA-2017:1273	2017-05-24T00:00:00Z
Red Hat Gluster Storage 3.2 for RHEL 7
samba-0:4.4.6-5.el7rhgs	cpe:/a:redhat:storage:3.2:samba:el7	RHSA-2017:1273	2017-05-24T00:00:00Z

References

Link	Providers
http://www.debian.org/security/2017/dsa-3860
http://www.securityfocus.com/bid/98636
http://www.securitytracker.com/id/1038552
https://access.redhat.com/errata/RHSA-2017:1270
https://access.redhat.com/errata/RHSA-2017:1271
https://access.redhat.com/errata/RHSA-2017:1272
https://access.redhat.com/errata/RHSA-2017:1273
https://access.redhat.com/errata/RHSA-2017:1390
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us
https://nvd.nist.gov/vuln/detail/CVE-2017-7494
https://security.gentoo.org/glsa/201805-07
https://security.netapp.com/advisory/ntap-20170524-0001/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2017-7494
https://www.exploit-db.com/exploits/42060/
https://www.exploit-db.com/exploits/42084/
https://www.samba.org/samba/security/CVE-2017-7494.html

History

Fri, 07 Feb 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2023-03-30'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 00:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2017-05-30T18:00:00.000Z

Updated: 2025-02-07T13:29:38.079Z

Reserved: 2017-04-05T00:00:00.000Z

Link: CVE-2017-7494

Vulnrichment

Updated: 2024-08-05T16:04:11.946Z

NVD

Status : Deferred

Published: 2017-05-30T18:29:00.190

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-7494

Redhat

Severity : Important

Publid Date: 2017-05-24T00:00:00Z

Links: CVE-2017-7494 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "samba", "vendor": "Samba", "versions": [{"status": "affected", "version": "since 3.5.0"}]}], "datePublic": "2017-05-24T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it."}], "problemTypes": [{"descriptions": [{"description": "remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-21T09:57:02.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "98636", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98636"}, {"name": "DSA-3860", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3860"}, {"name": "42084", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/42084/"}, {"name": "RHSA-2017:1270", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1270"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.samba.org/samba/security/CVE-2017-7494.html"}, {"tags": ["x_refsource_MISC"], "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01"}, {"name": "RHSA-2017:1390", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1390"}, {"name": "1038552", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038552"}, {"name": "RHSA-2017:1273", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1273"}, {"name": "RHSA-2017:1271", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1271"}, {"name": "GLSA-201805-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201805-07"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us"}, {"name": "RHSA-2017:1272", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1272"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20170524-0001/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"}, {"name": "42060", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/42060/"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:04:11.946Z"}, "title": "CVE Program Container", "references": [{"name": "98636", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98636"}, {"name": "DSA-3860", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3860"}, {"name": "42084", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/42084/"}, {"name": "RHSA-2017:1270", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1270"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.samba.org/samba/security/CVE-2017-7494.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01"}, {"name": "RHSA-2017:1390", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1390"}, {"name": "1038552", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038552"}, {"name": "RHSA-2017:1273", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1273"}, {"name": "RHSA-2017:1271", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1271"}, {"name": "GLSA-201805-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201805-07"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us"}, {"name": "RHSA-2017:1272", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1272"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20170524-0001/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"}, {"name": "42060", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/42060/"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-07T13:29:34.869777Z", "id": "CVE-2017-7494", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-03-30", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-7494"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T13:29:38.079Z"}}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-7494", "datePublished": "2017-05-30T18:00:00.000Z", "dateReserved": "2017-04-05T00:00:00.000Z", "dateUpdated": "2025-02-07T13:29:38.079Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.securityfocus.com/bid/98636", "name": "98636", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://www.debian.org/security/2017/dsa-3860", "name": "DSA-3860", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/42084/", "name": "42084", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1270", "name": "RHSA-2017:1270", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://www.samba.org/samba/security/CVE-2017-7494.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1390", "name": "RHSA-2017:1390", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1038552", "name": "1038552", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1273", "name": "RHSA-2017:1273", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1271", "name": "RHSA-2017:1271", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/201805-07", "name": "GLSA-201805-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1272", "name": "RHSA-2017:1272", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20170524-0001/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/42060/", "name": "42060", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:04:11.946Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2017-7494", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T13:29:34.869777Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-03-30", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-7494"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T13:23:19.600Z"}}], "cna": {"affected": [{"vendor": "Samba", "product": "samba", "versions": [{"status": "affected", "version": "since 3.5.0"}]}], "datePublic": "2017-05-24T00:00:00.000Z", "references": [{"url": "http://www.securityfocus.com/bid/98636", "name": "98636", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://www.debian.org/security/2017/dsa-3860", "name": "DSA-3860", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://www.exploit-db.com/exploits/42084/", "name": "42084", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1270", "name": "RHSA-2017:1270", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://www.samba.org/samba/security/CVE-2017-7494.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01", "tags": ["x_refsource_MISC"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1390", "name": "RHSA-2017:1390", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.securitytracker.com/id/1038552", "name": "1038552", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1273", "name": "RHSA-2017:1273", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1271", "name": "RHSA-2017:1271", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://security.gentoo.org/glsa/201805-07", "name": "GLSA-201805-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1272", "name": "RHSA-2017:1272", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://security.netapp.com/advisory/ntap-20170524-0001/", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://www.exploit-db.com/exploits/42060/", "name": "42060", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}], "descriptions": [{"lang": "en", "value": "Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "remote code execution"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2018-10-21T09:57:02.000Z"}}}, "cveMetadata": {"cveId": "CVE-2017-7494", "state": "PUBLISHED", "dateUpdated": "2025-02-07T13:29:38.079Z", "dateReserved": "2017-04-05T00:00:00.000Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2017-05-30T18:00:00.000Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cisaActionDue": "2023-04-20", "cisaExploitAdd": "2023-03-30", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Samba Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF2ABA66-D242-45C8-A05C-B3C828692F34", "versionEndExcluding": "4.4.0", "versionStartIncluding": "3.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "60CD8A70-8E75-44BD-8922-C3C92E02CECF", "versionEndExcluding": "4.4.14", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A15B468-4997-4E21-9975-9A8F5F87F5F4", "versionEndExcluding": "4.5.10", "versionStartIncluding": "4.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "011C42DE-43E0-4EF0-B580-C0F121358D6A", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it."}, {"lang": "es", "value": "Samba desde la versi\u00f3n 3.5.0 y anteriores a 4.6.4, versiones 4.5.10 y 4.4.14, son vulnerables a la ejecuci\u00f3n de c\u00f3digo remota, lo que permite que un cliente malicioso cargar una biblioteca compartida en un recurso compartido editable, y luego causar que el servidor lo cargue y ejecute."}], "id": "CVE-2017-7494", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2017-05-30T18:29:00.190", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3860"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98636"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038552"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1270"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1271"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1272"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1273"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1390"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201805-07"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20170524-0001/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42060/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42084/"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2017-7494.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3860"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98636"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038552"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1270"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1271"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1272"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1273"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1390"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201805-07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20170524-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42060/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42084/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2017-7494.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.", "affected_release": [{"advisory": "RHSA-2017:1272", "cpe": "cpe:/o:redhat:rhel_els:5", "package": "samba3x-0:3.6.23-14.el5_11", "product_name": "Red Hat Enterprise Linux 5 Extended Lifecycle Support", "release_date": "2017-05-24T00:00:00Z"}, {"advisory": "RHSA-2017:1270", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "samba-0:3.6.23-43.el6_9", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-05-24T00:00:00Z"}, {"advisory": "RHSA-2017:1271", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "samba4-0:4.2.10-10.el6_9", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-05-24T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "samba-0:3.6.23-32.el6_2", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "samba-0:3.6.23-32.el6_4", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "samba-0:3.6.23-32.el6_5", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_tus:6.5", "package": "samba-0:3.6.23-32.el6_5", "product_name": "Red Hat Enterprise Linux 6.5 Telco Extended Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_aus:6.6", "package": "samba-0:3.6.23-32.el6_6", "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_tus:6.6", "package": "samba-0:3.6.23-32.el6_6", "product_name": "Red Hat Enterprise Linux 6.6 Telco Extended Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_eus:6.7", "package": "samba-0:3.6.23-32.el6_7", "product_name": "Red Hat Enterprise Linux 6.7 Extended Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1270", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "samba-0:4.4.4-14.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-05-24T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_eus:7.1", "package": "samba-0:4.2.10-11.el7_2", "product_name": "Red Hat Enterprise Linux 7.2 Extended Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1273", "cpe": "cpe:/a:redhat:storage:3.2:samba:el6", "package": "samba-0:4.4.6-5.el6rhs", "product_name": "Red Hat Gluster Storage 3.2 for RHEL 6", "release_date": "2017-05-24T00:00:00Z"}, {"advisory": "RHSA-2017:1273", "cpe": "cpe:/a:redhat:storage:3.2:samba:el7", "package": "samba-0:4.4.6-5.el7rhgs", "product_name": "Red Hat Gluster Storage 3.2 for RHEL 7", "release_date": "2017-05-24T00:00:00Z"}], "bugzilla": {"description": "samba: Loading shared modules from any path in the system leading to RCE (SambaCry)", "id": "1450347", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450347"}, "csaw": true, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.", "A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root."], "mitigation": {"lang": "en:us", "value": "Any of the following:\n1. SELinux is enabled by default and our default policy prevents loading of modules from outside of samba's module directories and therefore blocks the exploit\n2. Mount the filesystem which is used by samba for its writable share using \"noexec\" option.\n3. Add the parameter:\nnt pipe support = no\nto the [global] section of your smb.conf and restart smbd. This prevents clients from accessing any named pipe endpoints. Note this can disable some expected functionality for Windows clients."}, "name": "CVE-2017-7494", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2017-05-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7494\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7494\nhttps://www.samba.org/samba/security/CVE-2017-7494.html\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This vulnerability exists in the samba server, client side packages are not affected.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object