CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.973 High
Percentile: 99.8%

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Recent assessments:
bwatters-r7 at April 14, 2020 4:47pm UTC reported:
This vulnerability was the Linux equivalent to WannaCry according to some journalists. It was not.
This vulnerability (AKA SambaCry) worked by writing a link library (.so file) to a Linux host running Samba in such a way that Samba then loaded it. On the face of it, this was a problem, but attackers had 2 large hurdles:
Anonymous file creation had to be enabled and
Attackers had to guess the right absolute path
In the first case, it is unlikely any enterprise will have anonymous file creation turned on, so immediately attackers are thwarted. In the second case, an attacker must guess the absolute path to the share as it is mounted on the remote computer. There are obvious guesses attackers could make, but nothing that was guaranteed. This was the classic example of a terrifying exploit mitigated by large caveats. Most common-sense approaches to SAMBA and SMB shares will mitigate this threat, namely not opening SMB/SAMBA shares to the internet, not allowing anonymous logins, and keeping software up to date.
Assessed Attacker Value: 0
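An added example, not part of the original assessment or of Samba: a defender-side check in Python that tests a version string against the affected range given in the description above and lists shares in an smb.conf that explicitly allow both guest access and writes. The function names and the sample configuration are constructed for illustration.

```python
import re
# Fixed release per branch, taken from the advisory text on this page.
FIXED_PATCH = {(4, 4): 14, (4, 5): 10, (4, 6): 4}
YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}

def is_affected(version):
    """True if an upstream Samba version is >= 3.5.0 and below its branch's fix."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    v = tuple(int(x) for x in m.groups())
    fixed = FIXED_PATCH.get(v[:2])  # None for 3.5 through 4.3: no fix listed
    in_range = (3, 5, 0) <= v and v[:2] <= (4, 6)
    return in_range and (fixed is None or v[2] < fixed)

def parse_shares(conf_text):
    """Minimal smb.conf reader: {section: {parameter: value}}, lower-cased."""
    shares, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip().lower()
    return shares

def guest_writable_shares(conf_text):
    """Shares that explicitly allow guest access and writes ([global] not resolved)."""
    risky = []
    for name, opts in parse_shares(conf_text).items():
        guest = opts.get("guest ok", opts.get("public")) in YES
        write = opts.get("read only") in NO or any(
            opts.get(k) in YES for k in ("writable", "writeable", "write ok"))
        if name != "global" and guest and write:
            risky.append(name)
    return risky

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """
[public]
   guest ok = yes
   read only = no
[finance]
   writable = yes
"""
print(guest_writable_shares(SAMPLE_CONF), is_affected("4.5.9"))
```

Distribution packages can carry a backported fix under an older upstream version number, so a positive from `is_affected` is a prompt to check the vendor advisory rather than proof of exposure.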