CyberSec.Space Logo
Back to CVE Browser

CVE-2017-7494

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score69.7820%
EPSS Percentile93.65th
PublishedMay 30, 2017
Last ModifiedApr 21, 2026

Vulnerability Description

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

Affected Platforms (CPE)

πŸ“¦
Samba

Samba

>= 3.5.0 and < 4.4.0
πŸ“¦
Samba

Samba

>= 4.4.0 and < 4.4.14
πŸ“¦
Samba

Samba

>= 4.5.0 and < 4.5.10
πŸ“¦
Samba

Samba

>= 4.6.0 and < 4.6.4
πŸ’»
Debian

Debian Linux

= 8.0

References & Advisories

πŸ”— http://www.debian.org/security/2017/dsa-3860
πŸ”— http://www.securityfocus.com/bid/98636
πŸ”— http://www.securitytracker.com/id/1038552
πŸ”— https://access.redhat.com/errata/RHSA-2017:1270
πŸ”— https://access.redhat.com/errata/RHSA-2017:1271
πŸ”— https://access.redhat.com/errata/RHSA-2017:1272
πŸ”— https://access.redhat.com/errata/RHSA-2017:1273
πŸ”— https://access.redhat.com/errata/RHSA-2017:1390

Related Vulnerabilities

CVE-2001-116210.0

Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attacker...

CVE-1999-018210.0

Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.

CVE-1999-081010.0

Denial of service in Samba NETBIOS name service daemon (nmbd).

CVE-2001-098110.0

HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without spec...