Executive Summary

Information
Name : CVE-2017-14746
First vendor Publication : 2017-11-27
Vendor : Cve
Last vendor Modification : 2018-10-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 7.5
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14746

CWE : Common Weakness Enumeration

% - id - Name
100 % - CWE-416 - Use After Free

CPE : Common Platform Enumeration

Type : Application - Count : 156
Type : Os - Count : 4
Type : Os - Count : 2
Type : Os - Count : 2
Type : Os - Count : 2
Type : Os - Count : 2

Snort® IPS/IDS

Date - Description
2018-01-23 - Samba tree connect andx memory corruption attempt
RuleID : 45255 - Revision : 2 - Type : SERVER-SAMBA

Nessus® Vulnerability Scanner

Date - Description
2018-09-18 - Name : The remote EulerOS Virtualization host is missing multiple security updates.
File : EulerOS_SA-2018-1238.nasl - Type : ACT_GATHER_INFO
2018-05-23 - Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201805-07.nasl - Type : ACT_GATHER_INFO
2018-01-15 - Name : The remote Fedora host is missing a security update.
File : fedora_2017-791c5d52be.nasl - Type : ACT_GATHER_INFO
2017-12-26 - Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2017-933.nasl - Type : ACT_GATHER_INFO
2017-12-14 - Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1315.nasl - Type : ACT_GATHER_INFO
2017-12-14 - Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1316.nasl - Type : ACT_GATHER_INFO
2017-12-01 - Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1314.nasl - Type : ACT_GATHER_INFO
2017-12-01 - Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1315.nasl - Type : ACT_GATHER_INFO
2017-12-01 - Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-3155-1.nasl - Type : ACT_GATHER_INFO
2017-11-30 - Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-3278.nasl - Type : ACT_GATHER_INFO
2017-11-30 - Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20171129_samba4_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2017-11-29 - Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-3278.nasl - Type : ACT_GATHER_INFO
2017-11-29 - Name : The remote Samba server is affected by multiple vulnerabilities.
File : samba_4_6_11.nasl - Type : ACT_GATHER_INFO
2017-11-28 - Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2017-332-01.nasl - Type : ACT_GATHER_INFO
2017-11-28 - Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2017-3260.nasl - Type : ACT_GATHER_INFO
2017-11-28 - Name : The remote Fedora host is missing a security update.
File : fedora_2017-366046c758.nasl - Type : ACT_GATHER_INFO
2017-11-28 - Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-3261.nasl - Type : ACT_GATHER_INFO
2017-11-28 - Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20171127_samba_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-11-28 - Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-3104-1.nasl - Type : ACT_GATHER_INFO
2017-11-27 - Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-3260.nasl - Type : ACT_GATHER_INFO
2017-11-27 - Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-3260.nasl - Type : ACT_GATHER_INFO
2017-11-27 - Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-3086-1.nasl - Type : ACT_GATHER_INFO
2017-11-22 - Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4043.nasl - Type : ACT_GATHER_INFO
2017-11-22 - Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3486-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source - Url
BID http://www.securityfocus.com/bid/101907
CONFIRM https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr...
https://www.samba.org/samba/security/CVE-2017-14746.html
https://www.synology.com/support/security/Synology_SA_17_72_Samba
DEBIAN https://www.debian.org/security/2017/dsa-4043
GENTOO https://security.gentoo.org/glsa/201805-07
REDHAT https://access.redhat.com/errata/RHSA-2017:3260
https://access.redhat.com/errata/RHSA-2017:3261
https://access.redhat.com/errata/RHSA-2017:3278
SECTRACK http://www.securitytracker.com/id/1039856
UBUNTU http://www.ubuntu.com/usn/USN-3486-1

Alert History

Date - Information
2019-07-20 12:01:56
  • Multiple Updates
2018-10-21 17:19:40
  • Multiple Updates
2018-10-17 12:07:30
  • Multiple Updates
2018-05-10 09:19:35
  • Multiple Updates
2017-12-30 09:22:05
  • Multiple Updates
2017-12-21 00:22:49
  • Multiple Updates
2017-12-15 13:23:45
  • Multiple Updates
2017-12-02 13:23:48
  • Multiple Updates
2017-12-02 09:21:46
  • Multiple Updates
2017-12-01 13:23:46
  • Multiple Updates
2017-11-30 13:23:42
  • Multiple Updates
2017-11-29 13:24:01
  • Multiple Updates
2017-11-29 09:21:47
  • Multiple Updates
2017-11-28 13:23:45
  • Multiple Updates
2017-11-28 05:20:35
  • First insertion