| VID |
23273 |
| Severity |
30 |
| Port |
139 |
| Protocol |
TCP |
| Class |
Samba |
| Detailed Description |
The version of Samba running on the remote host is 4.7.x prior to 4.7.3. It is, therefore, affected by multiple vulnerabilities.
- Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. (CVE-2017-14746)
- Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. (CVE-2017-15275)
* References:
https://www.samba.org/samba/security/CVE-2017-14746.html
https://www.samba.org/samba/security/CVE-2017-15275.html
https://www.samba.org/samba/history/samba-4.7.3.html
* Platforms Affected:
Samba Project, Samba versions 4.7.x before 4.7.3
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of Samba 4.7.3 or later, available from the Samba Web site at https://www.samba.org/samba/download/ |
| Related URL |
CVE-2017-14746,CVE-2017-15275 (CVE) |
| Related URL |
101907,101908 (SecurityFocus) |
| Related URL |
(ISS) |
|
