Debian DSA-3860-1 : samba - security update (SambaCry)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote Debian host is missing a security-related update.

Description :

steelo discovered a remote code execution vulnerability in Samba, a
SMB/CIFS file, print, and login server for Unix. A malicious client
with access to a writable share, can take advantage of this flaw by
uploading a shared library and then cause the server to load and
execute it.

See also :

Solution :

Upgrade the samba packages.

For the stable distribution (jessie), this problem has been fixed in
version 2:4.2.14+dfsg-0+deb8u6.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true

Family: Debian Local Security Checks

Nessus Plugin ID: 100391 ()

Bugtraq ID:

CVE ID: CVE-2017-7494

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now