Vulnerability Summary for Samba CVE-2017-7494
Original release date: May 24 2017
Updated: May 29 2017
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
If you use Samba (i.e. from openindiana "userland") you should update immediately. Here are the patched Samba versions:
The vulnerability in Samba depends on a weakness in the "named pipe" implementation that the "Native" SMB implementation in illumos does not share.
The "Native" SMB implementation is not vulnerable to CVE-2017-7494.