CVE Details

Release Date:2017-05-24


Samba since version 3.5.0 is vulnerable to remote code executionvulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

See more information about CVE-2017-7494 from MITRE CVE dictionary and NIST NVD

CVSS v2.0 metrics

NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score: 10 Base Metrics: AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector: Network Attack Complexity: Low
Authentication: None required Confidentiality Impact: Complete
Integrity Impact: Complete Availability Impact: Complete

Errata information

PlatformErrataRelease Date
Oracle Linux version 5 (samba3x)ELSA-2017-12722017-05-26
Oracle Linux version 6 (samba)ELSA-2017-12702017-05-24
Oracle Linux version 6 (samba4)ELSA-2017-12712017-05-24
Oracle Linux version 7 (samba)ELSA-2017-12702017-05-24

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team