Samba SMB1 smb_request_done Use After Free
TSL ID: TSL20171122-09
CVE ID(s): CVE-2017-14746
Severity: High
Description

A use after free vulnerability has been reported in the SMB1 component of Samba. The vulnerability is due to insufficient handling of TIDs in certain circumstances.

A remote, authenticated attacker could exploit this vulnerability by sending maliciously crafted SMB1 commands to the target server. Successful exploitation could result in arbitrary code execution in the security context of the Samba service.

The vendor, Samba, has released the following advisory regarding this vulnerability:

https://www.samba.org/samba/security/CVE-2017-14746.html

Affected Products
  • Samba Team Samba 4.0.0 to 4.5.15
  • Samba Team Samba 4.0.0 to 4.6.11
  • Samba Team Samba 4.0.0 to 4.7.3
CVSS Score
Base 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is SINGLE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 4.4 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References
https://www.samba.org/samba/security/CVE-2017-14746.html