CVE-2017-7494 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in Samba affects v. 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14.
Short Info
Level
Critical
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Domain, Ipv4
Parent Category
CVE-2017-7494 Scanner Detail
Samba is an open-source software tool used for file and print services. It allows Unix-based systems to communicate with Windows-based systems and share resources. Its primary use is in network environments where multiple operating systems coexist, allowing easy communication and sharing of resources across different platforms. Samba is a critical tool for businesses that require cross-platform communication in their network infrastructure.
CVE-2017-7494, is a remote code execution vulnerability in Samba that was detected in versions prior to 4.6.4, 4.5.10, and 4.4.14. The vulnerability allows a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. This vulnerability could potentially give complete control of the system to the attacker.
If the vulnerability is exploited, an attacker could gain complete control of the system. For instance, the attacker could install malware, extract sensitive data, or even encrypt the files, thereby rendering the system unusable. The risk associated with this vulnerability is enormous, and immediate action is necessary to mitigate the risk.
Securityforeveryone.com is a platform that provides comprehensive security insights to businesses and helps them identify vulnerabilities in their digital assets. With the pro features of this platform, businesses can easily and quickly learn about vulnerabilities in their digital assets, including Samba. By leveraging the insights provided by securityforeveryone.com, businesses can stay ahead of the curve and protect themselves against emerging cyber threats, safeguarding their critical data and ensuring that their business operations run smoothly.
REFERENCES
- securityfocus.com: 98636
- debian.org: DSA-3860
- exploit-db.com: 42084
- access.redhat.com: RHSA-2017:1270
- https://www.samba.org/samba/security/CVE-2017-7494.html
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01
- access.redhat.com: RHSA-2017:1390
- securitytracker.com: 1038552
- access.redhat.com: RHSA-2017:1273
- access.redhat.com: RHSA-2017:1271
- security.gentoo.org: GLSA-201805-07
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us
- access.redhat.com: RHSA-2017:1272
- https://security.netapp.com/advisory/ntap-20170524-0001/
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
- exploit-db.com: 42060
control security posture