Short Name |
SMB:SAMBA:USE-AFTER-FREE-CE |
---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
SMB |
Keywords |
Samba SMB1 smb_request_done Use After Free |
Release Date |
2017/12/12 |
Update Number |
3016 |
Supported Platforms |
idp-4.1.110110609+, isg-3.4.139899+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
A use after free vulnerability has been reported in the SMB1 component of Samba. A remote, authenticated attacker could exploit this vulnerability by sending maliciously crafted SMB1 commands to the target server. Successful exploitation could result in arbitrary code execution in the security context of the Samba service.
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.