VID 23272
Severity 30
Port 139
Protocol TCP
Class Samba
Detailed Description The version of Samba running on the remote host is 4.6.x prior to 4.6.11. It is, therefore, affected by multiple vulnerabilities.

- Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. (CVE-2017-14746)

- Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. (CVE-2017-15275)

* References:
https://www.samba.org/samba/security/CVE-2017-14746.html
https://www.samba.org/samba/security/CVE-2017-15275.html
https://www.samba.org/samba/history/samba-4.6.11.html

* Platforms Affected:
Samba Project, Samba versions 4.6.x before 4.6.11
Linux Any version
Unix Any version
Recommendation Upgrade to Samba 4.6.11 or later, available from the Samba Web site at https://www.samba.org/samba/download/
Related URL CVE-2017-14746,CVE-2017-15275 (CVE)
Related URL 101907,101908 (SecurityFocus)
Related URL (ISS)