Security Advisory - Samba Remote Code Execution Vulnerability in Some Huawei Products

2017-06-13T00:00:00
ID HUAWEI-SA-20170613-01-SAMBA
Type huawei
Reporter Huawei Technologies
Modified 2017-11-29T00:00:00

Description

All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing an authenticated attacker to upload a shared library to a writable share and execute arbitrary code remotely on a targeted system. Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to correct the defect. (Vulnerability ID: HWPSIRT-2017-05176) This vulnerability has been assigned a CVE ID: CVE-2017-7494. Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170613-01-samba-en