Debian DSA-3860-1 : samba - security update (SambaCry)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Debian host is missing a security-related update.

Description :

steelo discovered a remote code execution vulnerability in Samba, a
SMB/CIFS file, print, and login server for Unix. A malicious client
with access to a writable share, can take advantage of this flaw by
uploading a shared library and then cause the server to load and
execute it.

See also :

https://packages.debian.org/source/jessie/samba
http://www.debian.org/security/2017/dsa-3860

Solution :

Upgrade the samba packages.

For the stable distribution (jessie), this problem has been fixed in
version 2:4.2.14+dfsg-0+deb8u6.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Debian Local Security Checks

Nessus Plugin ID: 100391 ()

Bugtraq ID:

CVE ID: CVE-2017-7494

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now