{"containers": {"cna": {"affected": [{"product": "samba", "vendor": "Samba", "versions": [{"status": "affected", "version": "since 3.5.0"}]}], "datePublic": "2017-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it."}], "problemTypes": [{"descriptions": [{"description": "remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-21T09:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "98636", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98636"}, {"name": "DSA-3860", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3860"}, {"name": "42084", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/42084/"}, {"name": "RHSA-2017:1270", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1270"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.samba.org/samba/security/CVE-2017-7494.html"}, {"tags": ["x_refsource_MISC"], "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01"}, {"name": "RHSA-2017:1390", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1390"}, {"name": "1038552", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038552"}, {"name": "RHSA-2017:1273", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1273"}, {"name": "RHSA-2017:1271", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1271"}, {"name": "GLSA-201805-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201805-07"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us"}, {"name": "RHSA-2017:1272", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1272"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20170524-0001/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"}, {"name": "42060", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/42060/"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:04:11.946Z"}, "title": "CVE Program Container", "references": [{"name": "98636", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98636"}, {"name": "DSA-3860", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3860"}, {"name": "42084", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/42084/"}, {"name": "RHSA-2017:1270", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1270"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.samba.org/samba/security/CVE-2017-7494.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01"}, {"name": "RHSA-2017:1390", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1390"}, {"name": "1038552", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038552"}, {"name": "RHSA-2017:1273", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1273"}, {"name": "RHSA-2017:1271", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1271"}, {"name": "GLSA-201805-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201805-07"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us"}, {"name": "RHSA-2017:1272", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1272"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20170524-0001/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"}, {"name": "42060", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/42060/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-7494", "datePublished": "2017-05-30T18:00:00", "dateReserved": "2017-04-05T00:00:00", "dateUpdated": "2024-08-05T16:04:11.946Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2023-04-20", "cisaExploitAdd": "2023-03-30", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Samba Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF2ABA66-D242-45C8-A05C-B3C828692F34", "versionEndExcluding": "4.4.0", "versionStartIncluding": "3.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "60CD8A70-8E75-44BD-8922-C3C92E02CECF", "versionEndExcluding": "4.4.14", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A15B468-4997-4E21-9975-9A8F5F87F5F4", "versionEndExcluding": "4.5.10", "versionStartIncluding": "4.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "011C42DE-43E0-4EF0-B580-C0F121358D6A", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it."}, {"lang": "es", "value": "Samba desde la versi\u00f3n 3.5.0 y anteriores a 4.6.4, versiones 4.5.10 y 4.4.14, son vulnerables a la ejecuci\u00f3n de c\u00f3digo remota, lo que permite que un cliente malicioso cargar una biblioteca compartida en un recurso compartido editable, y luego causar que el servidor lo cargue y ejecute."}], "id": "CVE-2017-7494", "lastModified": "2022-08-16T13:02:08.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-30T18:29:00.190", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3860"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98636"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038552"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1270"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1271"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1272"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1273"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1390"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201805-07"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20170524-0001/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42060/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42084/"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2017-7494.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.", "affected_release": [{"advisory": "RHSA-2017:1272", "cpe": "cpe:/o:redhat:rhel_els:5", "package": "samba3x-0:3.6.23-14.el5_11", "product_name": "Red Hat Enterprise Linux 5 Extended Lifecycle Support", "release_date": "2017-05-24T00:00:00Z"}, {"advisory": "RHSA-2017:1270", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "samba-0:3.6.23-43.el6_9", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-05-24T00:00:00Z"}, {"advisory": "RHSA-2017:1271", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "samba4-0:4.2.10-10.el6_9", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-05-24T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "samba-0:3.6.23-32.el6_2", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "samba-0:3.6.23-32.el6_4", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "samba-0:3.6.23-32.el6_5", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_tus:6.5", "package": "samba-0:3.6.23-32.el6_5", "product_name": "Red Hat Enterprise Linux 6.5 Telco Extended Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_aus:6.6", "package": "samba-0:3.6.23-32.el6_6", "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_tus:6.6", "package": "samba-0:3.6.23-32.el6_6", "product_name": "Red Hat Enterprise Linux 6.6 Telco Extended Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_eus:6.7", "package": "samba-0:3.6.23-32.el6_7", "product_name": "Red Hat Enterprise Linux 6.7 Extended Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1270", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "samba-0:4.4.4-14.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-05-24T00:00:00Z"}, {"advisory": "RHSA-2017:1390", "cpe": "cpe:/o:redhat:rhel_eus:7.1", "package": "samba-0:4.2.10-11.el7_2", "product_name": "Red Hat Enterprise Linux 7.2 Extended Update Support", "release_date": "2017-06-05T00:00:00Z"}, {"advisory": "RHSA-2017:1273", "cpe": "cpe:/a:redhat:storage:3.2:samba:el6", "package": "samba-0:4.4.6-5.el6rhs", "product_name": "Red Hat Gluster Storage 3.2 for RHEL 6", "release_date": "2017-05-24T00:00:00Z"}, {"advisory": "RHSA-2017:1273", "cpe": "cpe:/a:redhat:storage:3.2:samba:el7", "package": "samba-0:4.4.6-5.el7rhgs", "product_name": "Red Hat Gluster Storage 3.2 for RHEL 7", "release_date": "2017-05-24T00:00:00Z"}], "bugzilla": {"description": "samba: Loading shared modules from any path in the system leading to RCE (SambaCry)", "id": "1450347", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450347"}, "csaw": true, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.", "A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root."], "mitigation": {"lang": "en:us", "value": "Any of the following:\n1. SELinux is enabled by default and our default policy prevents loading of modules from outside of samba's module directories and therefore blocks the exploit\n2. Mount the filesystem which is used by samba for its writable share using \"noexec\" option.\n3. Add the parameter:\nnt pipe support = no\nto the [global] section of your smb.conf and restart smbd. This prevents clients from accessing any named pipe endpoints. Note this can disable some expected functionality for Windows clients."}, "name": "CVE-2017-7494", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2017-05-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7494\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7494\nhttps://www.samba.org/samba/security/CVE-2017-7494.html\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This vulnerability exists in the samba server, client side packages are not affected.", "threat_severity": "Important"}