edit-icon download-icon

[Vulnerability notice] CVE-2017-7494: Remote code execution vulnerability in Samba

Last Updated: Apr 02, 2018

On May 24, 2017, Samba 4.6.4 was released to fix a serious remote code execution vulnerability with the vulnerability ID CVE-2017-7494. This vulnerability affects all versions earlier than Samba 3.5.0 and Samba 4.6.4/4.5.10/4.4.14.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-7494

Vulnerability name

Samba remote code execution vulnerability

Vulnerability rating

High

Vulnerability description

The vulnerability uses a writeable Samba user right to obtain the root access right of the Samba server (by default, Samba can only be operated by the root user). This vulnerability affects all versions earlier than Samba 3.5.0 and Samba 4.6.4/4.5.10/4.4.14.

Condition and method of exploitation

This vulnerability can be exploited remotely.

Affected scope

All versions earlier than Samba 3.5.0 and Samba 4.6.4/4.5.10/4.4.14.

Vulnerability detection

Check whether any affected version of Samba is used.

How to fix or mitigate

  • If you have installed Samba by using source code, you must download the latest Samba version and manually reinstall it as soon as possible.

  • If you have installed Samba by using a binary distribution package (in RPM or another mode), you must immediately run yum and perform security update operations such as apt-get update.

  • Add the nt pipe support = no option under the global node in smb.conf and then restart the Samba service, to prevent the vulnerability from being exploited. This is a mitigation measure.

Reference

[1]. https://www.samba.org/samba/security/CVE-2017-7494.html
[2]. https://www.reddit.com/r/netsec/comments/6d0tfx/samba_cve20177494_remote_code_execution_from_a/

Thank you! We've received your feedback.