CVE-2017-7494

Published: 30/05/2017 Updated: 21/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Samba since version 3.5.0 and prior to 4.6.4, 4.5.10 and 4.4.14 is vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

Affected Products

Vendor: Samba
Product: Samba
Versions: 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.5.9, 3.5.10, 3.5.11, 3.5.12, 3.5.13, 3.5.14, 3.5.15, 3.5.16, 3.5.17, 3.5.18, 3.5.19, 3.5.20, 3.5.21, 3.5.22, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11, 3.6.12, 3.6.13, 3.6.14, 3.6.15, 3.6.16, 3.6.17, 3.6.18, 3.6.19, 3.6.20, 3.6.21, 3.6.22, 3.6.23, 3.6.24, 3.6.25, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.0.14, 4.0.15, 4.0.16, 4.0.17, 4.0.18, 4.0.19, 4.0.20, 4.0.21, 4.0.22, 4.0.23, 4.0.24, 4.0.25, 4.0.26, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.1.18, 4.1.19, 4.1.20, 4.1.21, 4.1.22, 4.1.23, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.10, 4.2.11, 4.2.12, 4.2.13, 4.2.14, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 4.4.13, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.5.6, 4.5.7, 4.5.8, 4.5.9, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.6.5

Vendor Advisories

Synopsis: Important: samba security update. Type/Severity: Security Advisory: Important. Topic: An update for samba is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterp ...
Synopsis: Important: samba3x security update. Type/Severity: Security Advisory: Important. Topic: An update for samba3x is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: samba security update. Type/Severity: Security Advisory: Important. Topic: An update for samba is now available for Red Hat Gluster Storage 3.2 for RHEL 6 and Red Hat Gluster Storage 3.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis: Important: samba security update. Type/Severity: Security Advisory: Important. Topic: An update for samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin ...
Synopsis: Important: samba4 security update. Type/Severity: Security Advisory: Important. Topic: An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Samba could be made to run programs as an administrator ...
steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share can take advantage of this flaw by uploading a shared library and then cause the server to load and execute it. For the stable distribution (jessie), this problem has been fixed in ...
On May 24, 2017, the Samba team disclosed a vulnerability in Samba server software that could allow an authenticated attacker to execute arbitrary code remotely on a targeted system. This vulnerability has been assigned CVE ID CVE-2017-7494. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSec ...
Arch Linux Security Advisory ASA-201705-22 ========================================== Severity: High Date: 2017-05-30 CVE-ID: CVE-2017-7494 Package: samba Type: arbitrary code execution Remote: Yes Link: security.archlinux.org/AVG-279 Summary ======= The package samba before version 4.5.10-1 is vulnerable to arbitrary co ...
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it ...
A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root (CVE-2017-7494). It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos ...
Summary: All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Affected Products: Brocade is investigating its product lines to determine which products may be affected by this vu ...
Oracle Solaris Third Party Bulletin - April 2017. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Upda ...
Oracle Linux Bulletin - April 2017. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are release ...

Exploits

## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::DCERPC include Msf::Exploit::Remote::SMB::Client def initialize(info = {}) super(update_info(in ...
#! /usr/bin/env python # Title : ETERNALRED # Date: 05/24/2017 # Exploit Author: steelo <knownsteelo@gmail.com> # Vendor Homepage: www.samba.org # Samba 3.5.0 - 4.5.4/4.5.10/4.4.14 # CVE-2017-7494 import argparse import os.path import sys import tempfile import time from smb.SMBConnection import SMBConnection from smb import smb_st ...

Mailing Lists

This Metasploit module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This Metasploit module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some cases, anonymous access combined with common filesys ...
Samba version 3.5.0 remote code execution exploit. Written in Python ...
Samba versions 3.5.0 through 4.4.14, 4.5.10, and 4.6.4 is_known_pipename() remote code execution exploit ...

Nmap Scripts

smb-vuln-cve-2017-7494

Checks if target machines are vulnerable to the arbitrary shared library load vulnerability CVE-2017-7494.

PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:16:04:53 (VMware)

| smb-vuln-cve-2017-7494:
|   VULNERABLE:
|   SAMBA Remote Code Execution from Writable Share
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-7494
|     Risk factor: HIGH  CVSSv3: 7.5 (HIGH) (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
|       All versions of Samba from 3.5.0 onwards are vulnerable to a remote
|       code execution vulnerability, allowing a malicious client to upload a
|       shared library to a writable share, and then cause the server to load
|       and execute it.
|
|     Disclosure date: 2017-05-24
|     Check results:
|       Samba Version: 4.3.9-Ubuntu
|       Writable share found.
|        Name: \\192.168.15.131\test
|       Exploitation of CVE-2017-7494 succeeded!
|     Extra information:
|       All writable shares:
|        Name: \\192.168.15.131\test
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494
|_      https://www.samba.org/samba/security/CVE-2017-7494.html

Metasploit Modules

Samba is_known_pipename() Arbitrary Module Load

This module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some cases, anonymous access combined with common filesystem locations can be used to automatically exploit this vulnerability.

msf > use exploit/linux/samba/is_known_pipename
msf exploit(is_known_pipename) > show targets
    ...targets...
msf exploit(is_known_pipename) > set TARGET <target-id>
msf exploit(is_known_pipename) > show options
    ...show and set options...
msf exploit(is_known_pipename) > exploit

Github Repositories

SambaCry RCE exploit for Samba 4.5.9. Samba is a free software re-implementation of the SMB/CIFS networking protocol. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows

CVE-2017-7494. This is part of Cved: a tool to manage vulnerable docker containers. Cved: gitlab.com/git-rep/cved. Image source: github.com/cved-sources/cve-2017-7494. Image author: github.com/opsxcq/exploit-CVE-2017-7494

CVE-2017-7494. Remote root exploit for the SAMBA CVE-2017-7494 vulnerability. Details: This exploit is divided in 2 parts: First, it compiles a payload called "implant.c" and generates a library (libimplantx32.so or libimplantx64.so) that changes to the root user, detaches from the parent process and spawns a reverse shell. Second, it finds a writeable share in the spe

SambaHunter. It is a simple script to exploit RCE for Samba (CVE-2017-7494). Requirements: sudo apt-get install smbclient; pip install pysmbclient. Usage: # python sambahunter.py -h

CVE-2017-7494. hello, I am Gihad from Libya > 17 C. information On Exploit ========================================================================================== This module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This module requires valid credentials, a writeable folder in an accessible share, and k

CVE-2017-7494. CVE-2017-7494 C PoC. Uses CVE-2017-7494 to obtain a reverse shell. 1. First compile samba_init.c to generate libsamba.so. 2. Modify the relevant addresses in is_known_pipename.c, then compile and run.

wannafind. Simple script using nmap to detect CVE-2017-0143 MS17-010 (Windows SMB) and CVE-2017-7494 (SAMBA) in your network. Usage: wannafind.sh IP|Network, e.g. wannafind.sh 192.168.1.0/24

Awesome Pentesting Tools. A list of pentesting tools, packages and resources. For more info, check out blackbuntu linux. CRACKING TOOLS: AccCheck labs.portcullis.co.uk/ Brutespray github.com/x90skysn3k/brutespray CacheDump github.com/moyix/creddump CeWL github.com/digininja/CeWL CredCrack github.com/gojhonny/CredCrack Crowbar githu

SambaCry CVE-2017-7494.nse - Nmap Detection Script

Samba-CVE-2017-7494 www.zer0d0y.info/post/notes-on-bug-hunting-labs/

Ansible role bertvv.samba. An Ansible role for setting up Samba as a file server. It is tested on CentOS, Debian, Ubuntu and Arch Linux. Specifically, the responsibilities of this role are to: Install the necessary packages; Configure SELinux settings (when SELinux is active); Create share directories; Manage Samba users and passwords; Manage access to shares. The following are no

Basic Setup. Install Samba version 4.5.9: download.samba.org/pub/samba/stable/samba-4.5.9.tar.gz, wiki.samba.org/index.php/Build_Samba_from_Source. Get patched version of Impacket: pip install -r requirements.txt. Usage: Start Samba server in interactive mode + debug print: sudo /home/ubuntu/samba-4.5.9/bin/smbd -i --debuglevel=10 --configfile=/etc/samba/smb.conf C

Scripts and Commands. General Purpose Programs. find: find is a recursive search for file names. Its general use is such: find path -name PATTERN. An example would be something like this: phillip:ScriptsAndCommands$ find ~/scripts -name "*.sh" /home/phillip/scripts/serverStart.sh /home/phillip/scripts/dns-enum.sh /home/phillip/scripts/ScriptsAndCommands/dns-enum.sh /ho

nmap-python. A Python wrapper for my most used nmap scripts. It's not a substitute for nmap knowledge but it makes running common scripts fast and easy as you don't have to remember script names. It's easy to edit the code in the case select statements and change the scripts if you want to use different nmap scripts. Written in Python 3.4.4, it prints the Python ve

Pre-engagement. Log all commands of the current session: script engagement_x.log; exit # when finished. Use keepnote or other to document findings. Create a screenshot of the selected area and save it at home directory: $ alias ss='import ~/ss-$(date +%F_%H%M_%S).png'. Set the Target IP Address to the $ip system variable: $ export ip=target_ip. General methodology

Awesome Penetration Testing A collection of awesome penetration testing resources This project is supported by Netsparker Web Application Security Scanner Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Your contributions and

Awesome Penetration Testing [] stored XSS that allows CSS injection : {}*{xss:expression(open(alert(1)))} URL Rewriting Relative addressing to CSS style sheet : /stylecss A collection of awesome penetration testing resources (javascript:prompt(1)) This project is supported by Netsparker Web Application Security Scanner Penetration testing is the practice of launching

Penetration Testing Tools Collection. Contents: Anonymity Tools, Anti-virus Evasion Tools, Books (Defensive Programming Books, Hacker's Handbook Series Books, Lock Picking Books, Malware Analysis Books, Network Analysis Books, Penetration Testing Books, Reverse Engineering Books, Social Engineering Books, Windows Books), CTF Tools, Collaboration Tools, Conferences and Events, Docker Containers, Doc

Awesome Penetration Testing A collection of awesome penetration testing resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Your contributions and suggestions are heartily♥ welcome (✿◕‿◕) Please check t

pentest-tools a collection of best pentest resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Contents Online Resources Penetration Testing Resources Exploit Development Open Source Intelligence (OSINT) Resources Social

MLRT. A program with which you can easily get r00t. Which years is it valid for? 2017 / 2016 / 2015. Which exploits are there? CVE-2017-6074 / CVE-2017-7308 / CVE-2017-7494 / CVE-2016-2384 / CVE-2016-9793 / CVE-2015-1328 / CVE-2015-7547. What convenience does this give us? You just choose which exploit you want and the program takes care of everything itself :)

Orion Framework Kali Linux Edition is intended for and was tested on Kali Linux. Orion Framework is a recon and attack framework. Orion Framework currently contains one main module, "Orion's toolbelt". There are many other modules in development. Orion's Toolbelt consists of many modules that perform recon for personal, domain, and network information. Here is a

Name / Description: CVE-2015-5531: Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. CVE-2016-1909: Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x

awesome-c A curated list of awesome C frameworks, libraries and software git/git - Git Source Code Mirror - This is a publish-only repository and all pull requests are ignored Please follow Documentation/SubmittingPatches procedure for any of your improvements SamyPesse/How-to-Make-a-Computer-Operating-System - How to Make a Computer Operating System in C++ ggreer/the_silve

Jok3r - Network and Web Pentest Framework. Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests. Its main goal is to save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challenging stuff. To achieve that, it combines ope

Jok3r - Network and Web Pentest Framework. Jok3r is a Python3 CLI application aimed at helping penetration testers with network infrastructure and black-box web security tests. Its main goal is to save time on everything that can be automated in the network/web under test, in order to have more time for more

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile BitBake Bro C C# C++ CSS CoffeeScript Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask

Twitter: @Hktalent3135773. See Pro online at 51pwn.com, or exploit-poc.com. Penetration tools dependencies (Command: Description): kali linux: recommended system; node js: program runtime; javac, java: auto generate payload; metasploit: auto generate payload, and autoexploit; gcc: auto generate payload; tmux: auto background send payload, shell

linux-kernel-exploits. Introduction: linux-kernel-exploits. Vulnerability list: #CVE #Description #Kernels CVE-2017-1000367 [Sudo] (Sudo 1.8.6p7 - 1.8.20) CVE-2017-7494 [Samba Remote execution] (Samba 3.5.0-4.6.4/4.5.10/4.4.14) CVE-2016-5195 [Dirty cow] (Linux kernel > 2.6.22 (released in 2007)) CVE-2016-0728 [pp_key] (3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8

linux-kernel-exploits. Introduction: linux-kernel-exploits. Vulnerability list: #CVE #Description #Kernels CVE-2017-1000367 [Sudo] (Sudo 1.8.6p7 - 1.8.20) CVE-2017-1000112 [a memory corruption due to UFO to non-UFO path switch] CVE-2017-7494 [Samba Remote execution] (Samba 3.5.0-4.6.4/4.5.10/4.4.14) CVE-2017-7308 [a signedness issue in AF_PACKET sockets]

linux-kernel-exploits. Introduction: linux-kernel-exploits. Vulnerability list: #CVE #Description #Kernels CVE-2018-1000001 [glibc] (glibc <= 2.26) CVE-2017-1000367 [Sudo] (Sudo 1.8.6p7 - 1.8.20) CVE-2017-1000112 [a memory corruption due to UFO to non-UFO path switch] CVE-2017-16995 [Memory corruption caused by BPF verifier] (Linux kern

Linux-Kernel-Exploit. #CVE #Description #Kernels CVE-2018-1000001 [glibc] (glibc <= 2.26) CVE-2017-1000367 [Sudo] (Sudo 1.8.6p7 - 1.8.20) CVE-2017-1000112 [a memory corruption due to UFO to non-UFO path switch] CVE-2017-16995 [Memory corruption caused by BPF verifier] (Linux kernel before 4.14 - 4.4) CVE-2017-16939

linux-kernel-exploits. Introduction: linux-kernel-exploits. Vulnerability list: #CVE #Description #Kernels CVE-2018-18955 [map_write() in kernel/user_namespace.c allows privilege escalation] (Linux kernel 4.15.x through 4.19.x before 4.19.2) CVE-2018-1000001 [glibc] (glibc <= 2.26) CVE-2017-1000367 [Sudo] (Sudo 1.8.6p7 - 1.8.20)

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Samba slip-up smackdown: HPE stops NonStop Server bugs
The Register • Richard Chirgwin • 11 Jul 2017

If SambaCry escaped your notice in June, get busy

HPE NonStop users running Samba need to get busy applying workarounds to a pair of remotely exploitable vulnerabilities.
The first, SambaCry, has been present in Samba since 2010 but was named and outed in late May 2017. Assigned CVE-2017-7494, it allowed a malicious Samba client with write access to execute code as root.
F5 Networks explained that all the attacker need do is upload a shared library to a writable share, because the server will execute it with the privileges of the...

Attackers Mining Cryptocurrency Using Exploits for Samba Vulnerability
Threatpost • Michael Mimoso • 12 Jun 2017

Unknown attackers are using a recently patched vulnerability in Samba to spread a resource-intensive cryptocurrency mining utility. To date, the operation has netted the attackers just under $6,000 USD, but the number of compromised computers is growing, meaning that a significant number of Samba deployments on *NIX servers remain unpatched.
The attack also demonstrates that the vulnerability in Samba, CVE-2017-7494, can extend EternalBlue-like attacks into Linux and UNIX environments. Sam...

SambaCry is coming
Securelist • Mikhail Kuzin, Yaroslav Shmelev, Dmitry Galov • 09 Jun 2017

Not long ago, news appeared online of a younger sibling for the sensational vulnerability EternalBlue. The story was about a new vulnerability for *nix-based systems – EternalRed (aka SambaCry). This vulnerability (CVE-2017-7494) relates to all versions of Samba, starting from 3.5.0, which was released in 2010, and was patched only in the latest versions of the package (4.6.4/4.5.10/4.4.14).
On May 30th our honeypots captured the first attack to make use of this particular vulnerability,...

Cisco, Netgear Readying Patches for Samba Vulnerability
Threatpost • Chris Brook • 31 May 2017

Device manufacturers are combing through code again this week to determine whether their products are affected by a vulnerability tied to the SMB file-sharing protocol.
The vulnerability (CVE-2017-7494), disclosed last Wednesday, affects versions 3.5.0 onward of Samba, the free software re-implementation of the SMB/CIFS networking protocol. If exploited, the bug could allow authenticated attackers to execute arbitrary code remotely and take control of an affected system.

Sa...

Samba Patches Wormable Bug Exploitable With One Line Of Code
Threatpost • Tom Spring • 25 May 2017

A patch for a critical vulnerability impacting the free networking software Samba was issued Wednesday. The flaw poses a severe threat to users, with approximately 104,000 Samba installations vulnerable to remote takeover. More troubling, experts say, the vulnerability can be exploited with just one line of code.
Samba is a popular standard for providing Windows-based file and print services. It allows for interoperability between Unix and Linux systems and Microsoft Windows. With it, Lin...

Fat-thumbed dev slashes Samba security
The Register • Richard Chirgwin • 25 May 2017

Remote code execution in all versions since 3.5.0, so it's patching time!

Sysadmins tending Samba need to get patching.
Samba's announcement, here, explains that it's suffering from a remote code execution bug that applies to all versions newer than Samba 3.5.0.
The software, currently at version 4.6.4, provides *nix integration with Windows file and print services.
In CVE-2017-7494, a malicious client can “upload a shared library to a writable share, and then cause the server to load and execute it.”
The advisory is scant on how this happe...