Sid 1-49090

Message

SERVER-SAMBA Samba isknownpipe arbitrary module load code execution attempt

Summary

Samba since version 3.5.0 is vulnerable to remote code execution. A malicious client can upload a shared library to a writable share and then cause the server to load and execute it.

Impact

Attempted User Privilege Gain

CVE-2017-7494:

CVSS base score 9.8

CVSS impact score 5.9

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2017-7494: Samba since version 3.5.0 is vulnerable to remote code execution. A malicious client can upload a shared library to a writable share and then cause the server to load and execute it.

Affected systems

  • samba samba 3.5.0
  • samba samba 3.5.1
  • samba samba 3.5.2
  • samba samba 3.5.3
  • samba samba 3.5.4
  • samba samba 3.5.5
  • samba samba 3.5.6
  • samba samba 3.5.7
  • samba samba 3.5.8
  • samba samba 3.5.9
  • samba samba 3.5.10
  • samba samba 3.5.11
  • samba samba 3.5.12
  • samba samba 3.5.13
  • samba samba 3.5.14
  • samba samba 3.5.15
  • samba samba 3.5.16
  • samba samba 3.5.17
  • samba samba 3.5.18
  • samba samba 3.5.19
  • samba samba 3.5.20
  • samba samba 3.5.21
  • samba samba 3.5.22
  • samba samba 3.6.0
  • samba samba 3.6.1
  • samba samba 3.6.2
  • samba samba 3.6.3
  • samba samba 3.6.4
  • samba samba 3.6.5
  • samba samba 3.6.6
  • samba samba 3.6.7
  • samba samba 3.6.8
  • samba samba 3.6.9
  • samba samba 3.6.10
  • samba samba 3.6.11
  • samba samba 3.6.12
  • samba samba 3.6.13
  • samba samba 3.6.14
  • samba samba 3.6.15
  • samba samba 3.6.16
  • samba samba 3.6.17
  • samba samba 3.6.18
  • samba samba 3.6.19
  • samba samba 3.6.20
  • samba samba 3.6.21
  • samba samba 3.6.22
  • samba samba 3.6.23
  • samba samba 3.6.24
  • samba samba 3.6.25
  • samba samba 4.0.0
  • samba samba 4.0.1
  • samba samba 4.0.2
  • samba samba 4.0.3
  • samba samba 4.0.4
  • samba samba 4.0.5
  • samba samba 4.0.6
  • samba samba 4.0.7
  • samba samba 4.0.8
  • samba samba 4.0.9
  • samba samba 4.0.10
  • samba samba 4.0.11
  • samba samba 4.0.12
  • samba samba 4.0.13
  • samba samba 4.0.14
  • samba samba 4.0.15
  • samba samba 4.0.16
  • samba samba 4.0.17
  • samba samba 4.0.18
  • samba samba 4.0.19
  • samba samba 4.0.20
  • samba samba 4.0.21
  • samba samba 4.0.22
  • samba samba 4.0.23
  • samba samba 4.0.24
  • samba samba 4.0.25
  • samba samba 4.0.26
  • samba samba 4.1.0
  • samba samba 4.1.1
  • samba samba 4.1.2
  • samba samba 4.1.3
  • samba samba 4.1.4
  • samba samba 4.1.5
  • samba samba 4.1.6
  • samba samba 4.1.7
  • samba samba 4.1.8
  • samba samba 4.1.9
  • samba samba 4.1.10
  • samba samba 4.1.11
  • samba samba 4.1.12
  • samba samba 4.1.13
  • samba samba 4.1.14
  • samba samba 4.1.15
  • samba samba 4.1.16
  • samba samba 4.1.17
  • samba samba 4.1.18
  • samba samba 4.1.19
  • samba samba 4.1.20
  • samba samba 4.1.21
  • samba samba 4.1.22
  • samba samba 4.1.23
  • samba samba 4.2.0
  • samba samba 4.2.1
  • samba samba 4.2.2
  • samba samba 4.2.3
  • samba samba 4.2.4
  • samba samba 4.2.5
  • samba samba 4.2.6
  • samba samba 4.2.7
  • samba samba 4.2.8
  • samba samba 4.2.9
  • samba samba 4.2.10
  • samba samba 4.2.11
  • samba samba 4.2.12
  • samba samba 4.2.13
  • samba samba 4.2.14
  • samba samba 4.3.0
  • samba samba 4.3.1
  • samba samba 4.3.2
  • samba samba 4.3.3
  • samba samba 4.3.4
  • samba samba 4.3.5
  • samba samba 4.3.6
  • samba samba 4.3.7
  • samba samba 4.3.8
  • samba samba 4.3.9
  • samba samba 4.3.10
  • samba samba 4.3.11
  • samba samba 4.4.0
  • samba samba 4.4.1
  • samba samba 4.4.2
  • samba samba 4.4.3
  • samba samba 4.4.4
  • samba samba 4.4.5
  • samba samba 4.4.6
  • samba samba 4.4.7
  • samba samba 4.4.8
  • samba samba 4.4.9
  • samba samba 4.4.10
  • samba samba 4.4.11
  • samba samba 4.4.12
  • samba samba 4.4.13
  • samba samba 4.5.0
  • samba samba 4.5.1
  • samba samba 4.5.2
  • samba samba 4.5.3
  • samba samba 4.5.4
  • samba samba 4.5.5
  • samba samba 4.5.6
  • samba samba 4.5.7
  • samba samba 4.5.8
  • samba samba 4.5.9
  • samba samba 4.6.0
  • samba samba 4.6.1
  • samba samba 4.6.2
  • samba samba 4.6.3
  • samba samba 4.6.5

Ease of attack

CVE-2017-7494:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • www.samba.org/samba/security/CVE-2017-7494.html