Samba 3.5.x < 4.4 / 4.4.x < 4.4.14 / 4.5.x < 4.5.10 / 4.6.x < 4.6.4 Shared Library RCE

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Samba server is affected by a remote code execution
vulnerability.

Description :

The version of Samba running on the remote host is 3.5.x prior to
4.4.x, or it is 4.4.x prior to 4.4.14, 4.5.x prior to 4.5.10, or 4.6.x
prior to 4.6.4. It is, therefore, affected by an unspecified remote
code execution vulnerability. An authenticated, remote attacker can
exploit this, via a specially crafted shared library uploaded to a
writable share, to cause the server to load and execute arbitrary code
with root privileges.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

https://www.samba.org/samba/security/CVE-2017-7494.html
https://www.samba.org/samba/history/samba-4.4.14.html
https://www.samba.org/samba/history/samba-4.5.10.html
https://www.samba.org/samba/history/samba-4.6.4.html

Solution :

Upgrade to Samba version 4.4.14 / 4.5.10 / 4.6.4 or later.

Alternatively, add the parameter 'nt pipe support = no' to the
[global] section of the smb.conf and restart smbd. This prevents
clients from accessing any named pipe endpoints. Note that this
workaround can disable some expected functionality for Windows
clients.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 100388 ()

Bugtraq ID: 98636

CVE ID: CVE-2017-7494

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now