E17-3g3e1
CVSS:
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
1
Year:
2017
Description
This strike exploits a use-after-free vulnerability in Samba Team SMBv1 server.
The vulnerability is due to incorrect handling of objects in memory.
By sending a crafted request to target server, a remote attacker with permissions to connect to a share could execute arbitrary code in the context of smbd process.
NOTE: When run in OneArm mode, the strike requires a SMB share named "myshare" with anonymous access enabled.