Team Samba Project released updates to Samba 4. 4, 4. 10 and 4. 14, which eliminates the critical vulnerability CVE-2017-7494, which allows executing arbitrary code on the server if you have write access to the server's storage.

The problem allows a malicious client to load a shared library and initiate its loading by the server. Vulnerabilities are subject to version Samba 3. 0 and above. Developers also submitted additional patches for older versions.

As a temporary measure to prevent exploitation of the problem, developers suggest adding the nt pipe support = no parameter to the [global] smb section. Conf and restart smbd.

All Samba users are advised to update to corrective releases as soon as possible.

Samba is a free software package that allows you to access network drives and printers on different operating systems using the SMB / CIFS protocol. Has client and server parts. Released under the GPL.