CVE-2017-7494

CVSS 9.8 CRITICAL · EPSS 99.4% · KEV · CWE-94

In short

Samba file servers before version 4.6.4 have a critical flaw that lets attackers upload malicious code to shared folders and force the server to run it, taking complete control of the system.

Technical detail

A pre-authentication remote code execution vulnerability exists in Samba versions 3.5.0 through 4.6.3 where an attacker can upload a malicious shared library to a writable SMB share and trigger its execution on the server via unsafe dynamic library loading, achieving arbitrary code execution with server privileges.

Summary generated and translated by AI from the official description.
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Samba · samba
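To triage an inventory against the version boundaries in the description above, the following added example (not part of the original page or of the Samba project) classifies a reported Samba version string. The function names and the sample strings are assumptions constructed for illustration; the boundary versions come from the description.

```python
import re

# Fixed releases per branch, taken from the description above.
FIXED = {(4, 4): (4, 4, 14), (4, 5): (4, 5, 10), (4, 6): (4, 6, 4)}
FIRST_AFFECTED = (3, 5, 0)

def parse_version(banner):
    """Return ((major, minor, patch), suffix) from e.g. 'Version 4.5.8-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(\S*)", banner)
    if not m:
        raise ValueError(f"no x.y.z version in {banner!r}")
    return tuple(int(p) for p in m.groups()[:3]), m.group(4)

def classify(banner):
    """Return (status, needs_package_check) for a reported Samba version.

    status is 'not-affected' (older than 3.5.0), 'affected' or 'fixed'.
    needs_package_check is True when the string looks affected but carries a
    vendor suffix: distributions backport fixes without changing the upstream
    version number, so the package changelog has to decide.
    """
    version, suffix = parse_version(banner)
    if version < FIRST_AFFECTED:
        return "not-affected", False
    fixed = FIXED.get(version[:2])
    if fixed is not None:
        status = "affected" if version < fixed else "fixed"
    elif version[:2] < (4, 4):
        # 3.5.x up to 4.3.x: no fixed release is listed for these branches.
        status = "affected"
    else:
        # Branches newer than 4.6 are past every listed fix.
        status = "fixed"
    return status, status == "affected" and bool(suffix)

if __name__ == "__main__":
    # Constructed sample inventory, not real scan output.
    for line in ("Version 3.4.17", "Version 3.6.25", "Version 4.3.11-Ubuntu",
                 "Version 4.4.14", "Version 4.5.9", "Version 4.6.4"):
        print(f"{line:24} {classify(line)}")
```

A version string alone cannot prove a host is patched or unpatched when the vendor maintains its own package revisions, which is why the second return value exists.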
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
