Test ID:	1.3.6.1.4.1.25623.1.0.108294
Category:	General
Title:	Samba Server 'CVE-2017-14746' Use-after-free Vulnerability
Summary:	Samba is prone to a use-after-free vulnerability.
Description:	Summary: Samba is prone to a use-after-free vulnerability. Vulnerability Insight: The flaw exists due to a client which may use an SMB1 request to manipulate the contents of heap space. Vulnerability Impact: A malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server. Affected Software/OS: Samba versions 4.0.0 to 4.5.14, 4.6.x prior to 4.6.11, 4.7.x prior to 4.7.3 with enabled SMBv1 support. Solution: Update to Samba 4.5.15, 4.6.11, 4.7.3 or later. Workaround: Prevent SMB1 access to the server by setting the parameter: server min protocol = SMB2 to the [global] section of your smb.conf and restart smbd. This prevents a SMB1 access to the server. Note this could cause older clients to be unable to connect to the server. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-14746 BugTraq ID: 101907 http://www.securityfocus.com/bid/101907 Debian Security Information: DSA-4043 (Google Search) https://www.debian.org/security/2017/dsa-4043 https://security.gentoo.org/glsa/201805-07 RedHat Security Advisories: RHSA-2017:3260 https://access.redhat.com/errata/RHSA-2017:3260 RedHat Security Advisories: RHSA-2017:3261 https://access.redhat.com/errata/RHSA-2017:3261 RedHat Security Advisories: RHSA-2017:3278 https://access.redhat.com/errata/RHSA-2017:3278 http://www.securitytracker.com/id/1039856 http://www.ubuntu.com/usn/USN-3486-1
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.