Exploit for #VU6676 Insecure library loading in Samba

Published: 2020-03-18 | Updated: 2023-03-01

Vulnerability identifier: #VU6676

Vulnerability risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2017-7494

CWE-ID: CWE-426

Exploitation vector: Local network

Exploits in database: 14

March 1, 2023
- CVE-2017-7494_SambaCry (SambaCry (CVE-2017-7494) exploit for Samba | bind shell without Metasploit) [Github]
November 2, 2022
- CVE-2017-7494_SambaCry (SambaCry (CVE-2017-7494) exploit for Samba | bind shell without Metasploit) [Github]
August 7, 2022
- exploit-CVE-2017-7494 (SambaCry exploit (CVE-2017-7494) ) [Github]
May 19, 2022
- exploit-CVE-2017-7494 (SambaCry exploit (CVE-2017-7494) ) [Github]
May 18, 2021
- BIT-EternalBlue-for-macOS_Linux (Exploit CVE-2017-7494 for Net Security course final Assignment. This would reveal the vulnerability of services that run in administrative priority on Linux.) [Github]
May 9, 2021
- noSAMBAnoCRY-CVE-2017-7494 (CVE-2017-7494 python exploit) [Github]
March 18, 2020
- SambaHunter (It is a simple script to exploit RCE for Samba (CVE-2017-7494 ).) [Github]
- cve-2017-7494 (Proof-of-Concept exploit for CVE-2017-7494(Samba RCE from a writable share)) [Github]
- exploit-CVE-2017-7494 (SambaCry exploit and vulnerable container (CVE-2017-7494)) [Github]
- CVE-2017-7494 (Remote root exploit for the SAMBA CVE-2017-7494 vulnerability) [Github]
- labs (Vulnerability Labs for security analysis) [Github]
- Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit) [Exploit-DB]
- Samba 3.5.0 - Remote Code Execution [Exploit-DB]
- Samba is_known_pipename() Arbitrary Module Load [Metasploit]

Impact: Code execution

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba