Vulnerability category: General remote services
Vulnerability severity:
Vulnerability information
Samba is a freely available file and printer sharing application. Samba allows users to share files and printers between operating systems on UNIX and Windows platforms.
The vulnerability allows a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Affected Versions:
Samba versions from 3.5.0 onwards, before 4.6.4, 4.5.10 and 4.4.14, are vulnerable.
QID Detection Logic (Authenticated):
On Unix systems, this QID detects vulnerable Samba versions by launching the smbstatus command.
QID Detection Logic (Unauthenticated):
This unauthenticated detection works by retrieving the version remotely from the Samba service.
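The version comparison behind both detections can be sketched as follows. This is an added example, not the scanner's own logic: the function names and the "Version x.y.z" banner format are assumptions, and the sample banners are constructed. Because a distribution package may carry a backported fix without a version bump, an affected version with a vendor suffix is flagged for manual confirmation.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(4, 6): 4, (4, 5): 10, (4, 4): 14}
FIRST_AFFECTED = (3, 5, 0)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(\S*)")


def parse_version(banner):
    """Return ((major, minor, patch), suffix) or None if no version is found."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)


def classify(banner):
    """Classify a Samba version banner against the advisory's ranges."""
    parsed = parse_version(banner)
    if parsed is None:
        return "unknown"
    version, suffix = parsed
    if version < FIRST_AFFECTED:
        return "not-affected"
    branch, patch = version[:2], version[2]
    if branch in FIXED:
        status = "fixed" if patch >= FIXED[branch] else "affected"
    elif branch > max(FIXED):
        status = "fixed"          # newer branch than any fixed release listed
    else:
        status = "affected"       # older branch with no fixed release listed
    # A vendor suffix (e.g. "-Ubuntu") means the fix may have been backported
    # without a version bump, so a version-only verdict needs confirmation.
    if status == "affected" and suffix:
        return "affected-verify-backport"
    return status


if __name__ == "__main__":
    # Constructed sample banners, not output captured from real hosts.
    for line in ["Version 4.5.9", "Version 4.6.4", "Version 4.3.11-Ubuntu",
                 "Version 3.4.17", "Version 4.7.0", "no version here"]:
        print(f"{line!r:28} -> {classify(line)}")
```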
Impact
Successful exploitation allows a remote attacker to execute arbitrary code on a targeted system.
Solution
Customers are advised to install Samba 4.6.4, 4.5.10, 4.4.14 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities: