CVE-2017-7494
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-7494
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Samba 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。 Samba中存在远程代码执行漏洞。远程攻击者可利用该漏洞使服务器加载和执行上传的共享库。以下版本受到影响:Samba 4.6.4之前的版本,4.5.10之前的版本,4.4.14之前的版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2017-7494
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Proof-of-Concept exploit for CVE-2017-7494(Samba RCE from a writable share) | https://github.com/betab0t/cve-2017-7494 | POC Details |
| 2 | None | https://github.com/homjxi0e/CVE-2017-7494 | POC Details |
| 3 | SambaCry exploit and vulnerable container (CVE-2017-7494) | https://github.com/opsxcq/exploit-CVE-2017-7494 | POC Details |
| 4 | CVE-2017-7494 - Detection Scripts | https://github.com/Waffles-2/SambaCry | POC Details |
| 5 | It is a simple script to exploit RCE for Samba (CVE-2017-7494 ). | https://github.com/brianwrf/SambaHunter | POC Details |
| 6 | Remote root exploit for the SAMBA CVE-2017-7494 vulnerability | https://github.com/joxeankoret/CVE-2017-7494 | POC Details |
| 7 | 搭建漏洞利用测试环境 | https://github.com/Zer0d0y/Samba-CVE-2017-7494 | POC Details |
| 8 | CVE-2017-7494 C poc | https://github.com/incredible1yu/CVE-2017-7494 | POC Details |
| 9 | cve-2017-7494 | https://github.com/cved-sources/cve-2017-7494 | POC Details |
| 10 | samba 4.5.9 | https://github.com/john-80/cve-2017-7494 | POC Details |
| 11 | A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. | https://github.com/Hansindu-M/CVE-2017-7494_IT19115344 | POC Details |
| 12 | CVE-2017-7494 python exploit | https://github.com/0xm4ud/noSAMBAnoCRY-CVE-2017-7494 | POC Details |
| 13 | Exploit CVE-2017-7494 for Net Security course final Assignment. This would reveal the vulnerability of services that run in administrative priority on Linux. | https://github.com/I-Rinka/BIT-EternalBlue-for-macOS_Linux | POC Details |
| 14 | None | https://github.com/yinyinmeimei/CVE-2017-7494-payload | POC Details |
| 15 | According to researchers with Rapid7, over 110,000 devices appear on internet, which run stable Samba versions, while 92,500 seem to run unstable Samba versions, for which there is no fix. The newest Samba models, including the models 4.6.x before 4.6.4, 4.5.x before 4.5.10 and 3.5.0 before 4.4.13, was impacted by this error. May 24, 2017, Samba released version 4.6.4, which fixes a serious remote code execution vulnerability, vulnerability number CVE-2017-7494, which affected Samba 3.5.0 onwards. Vulnerability number: CVE-2017-7494 Severity Rating: High Affected software: • Samba Version < 4.6.4 • Samba Version < 4.5.10 • Samba Version < 4.4.14 Unaffected software: • Samba Version = 4.6.4 • Samba Version = 4.5.10 • Samba Version = 4.4.14 | https://github.com/adjaliya/-CVE-2017-7494-Samba-Exploit-POC | POC Details |
| 16 | SambaCry exploit (CVE-2017-7494) | https://github.com/00mjk/exploit-CVE-2017-7494 | POC Details |
| 17 | SambaCry (CVE-2017-7494) exploit for Samba | bind shell without Metasploit | https://github.com/d3fudd/CVE-2017-7494_SambaCry | POC Details |
| 18 | None | https://github.com/yinyinnnnn/CVE-2017-7494-payload | POC Details |
| 19 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E5%85%B6%E4%BB%96%E6%BC%8F%E6%B4%9E/Samba%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2017-7494.md | POC Details |
| 20 | https://github.com/vulhub/vulhub/blob/master/samba/CVE-2017-7494/README.md | POC Details | |
| 21 | Custom Docker Image | https://github.com/FelipeR-UFBA/cve-2017-7494-fixed | POC Details |
| 22 | None | https://github.com/sudlit/CVE-2017-7494 | POC Details |
| 23 | CDT Ansible playbook for deploying CVE-2017-7494 aka "SambaCry" to an Ubuntu box | https://github.com/Zanex360/cdt-samba-deploy | POC Details |
| 24 | CDT Ansible playbook for deploying CVE-2017-7494 aka "SambaCry" to an Ubuntu box | https://github.com/Zanex360/cdt-vulnsamba-deploy | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-7494
请登录查看更多情报信息。
- https://security.netapp.com/advisory/ntap-20170524-0001/x_refsource_CONFIRM
- https://www.samba.org/samba/security/CVE-2017-7494.htmlx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2017-7494
IV. Related Vulnerabilities
V. Comments for CVE-2017-7494
No comments yet