[Samba] CVE-2017-7494 in SAMBA-AD 4.3.11-ubuntu

Data Control Systems - Mike Elkevizth mike at datacontrolsystems.com
Thu May 25 16:59:23 UTC 2017

According to the changelog from Ubuntu (
this fix has been backported into the Ubuntu 4.3.11 packages.

samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) xenial-security; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Fri, 19 May 2017
14:18:13 -0400

Mike E.

On Thu, May 25, 2017 at 12:54 PM, Anderson Hoffmann do Carmo via samba <
samba at lists.samba.org> wrote:

> Hi
> We have the one server SAMBA 4.3.11-ubuntu in Active Directory mode with
> some Windows Clients
> The Ubuntu repository not update samba package (last version is 4.3.11).
> Please, how am i can fix the CVE-2017-7494 (Remote code execution from a
> writable share) in my SAMBA server?
> Should option 'nt pipe support = no' will influence how SAMBA_AD works?
> Anderson Hoffmann
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list