FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- remote code execution vulnerability

Affected packages
samba42 < 4.2.15
samba43 < 4.3.14
samba44 < 4.4.14
samba45 < 4.5.10
samba46 < 4.6.4

Details

VuXML ID 6f4d96c0-4062-11e7-b291-b499baebfeaf
Discovery 2017-05-24
Entry 2017-05-24

The samba project reports:

Remote code execution from a writable share.

All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

References

CVE Name CVE-2017-7494
URL https://www.samba.org/samba/security/CVE-2017-7494.html