CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-7494

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score69.7820%
EPSS Percentile93.65th
Published2017年5月30日
Last Modified2026年4月21日

Vulnerability Description

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

Affected Platforms (CPE)

📦
Samba

Samba

>= 3.5.0 and < 4.4.0
📦
Samba

Samba

>= 4.4.0 and < 4.4.14
📦
Samba

Samba

>= 4.5.0 and < 4.5.10
📦
Samba

Samba

>= 4.6.0 and < 4.6.4
💻
Debian

Debian Linux

= 8.0

References & Advisories

🔗 http://www.debian.org/security/2017/dsa-3860
🔗 http://www.securityfocus.com/bid/98636
🔗 http://www.securitytracker.com/id/1038552
🔗 https://access.redhat.com/errata/RHSA-2017:1270
🔗 https://access.redhat.com/errata/RHSA-2017:1271
🔗 https://access.redhat.com/errata/RHSA-2017:1272
🔗 https://access.redhat.com/errata/RHSA-2017:1273
🔗 https://access.redhat.com/errata/RHSA-2017:1390

相关漏洞威胁

CVE-2001-116210.0

Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attacker...

CVE-1999-018210.0

Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.

CVE-1999-081010.0

Denial of service in Samba NETBIOS name service daemon (nmbd).

CVE-2001-098110.0

HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without spec...