=======================================================
== Subject: Remote code execution from a writable share.
== CVE ID#: CVE-2017-7494
== Versions: All versions of Samba from 3.5.0 onwards.
== Summary: Malicious clients can upload and cause the smbd server
== to execute a shared library from a writable share.
=======================================================
Patch Availability ------------------ A patch addressing this defect has been posted to http://www.samba.org/samba/security/ Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/.
Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.
CVE ID: CVE-2017-7494
Ubuntu - Bulletin: USN-3296-1 and USN-3296-2
Patch Versions :
* Only for Ubuntu 12.04 ESM subscribers
- Ubuntu 17.04: 2:4.5.8+dfsg-0ubuntu0.17.04.2
- Ubuntu 16.10: 2:4.4.5+dfsg-2ubuntu5.6
- Ubuntu 16.04: 2:4.3.11+dfsg-0ubuntu0.16.04.7
- Ubuntu 14.04: 2:4.3.11+dfsg-0ubuntu0.14.04.8
- *Ubuntu 12.04: 2:3.6.25-0ubuntu0.12.04.11
Debian - Bulletin: DSA-3860-1
Patch Versions:
- Debian 8: 2:4.2.14+dfsg-0+deb8u6
- Debian 7: 2:3.6.6-6+deb7u13
Regards,
-----
R Romanus Prabhu
Technical Account Manager
Desktop and Mobile Device Management Solution
Direct Support : +1 408 916 9886
Toll Free: +1 888 720 9500 (US) | 0800 028 6590 (UK) | +1 800 631 268 (AUS)
[ Desktop Management | Desktop Mgmt for MSP | OS Deployment | Mobile Device Mgmt | SCCM 3rd Party Patch Mgmt | Patch Manager Plus ]