Skip to end of metadata
Go to start of metadata

WannaCry - SambaCry CVE-2017-7494
  Remote code execution from a writable share

Vulnerability Summary for Samba CVE-2017-7494

Original release date: May 24 2017
Updated: May 29 2017


All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
If you use Samba (i.e. from openindiana "userland") you should update immediately.  Here are the patched Samba versions:

Native SMB

The vulnerability in Samba depends on a weakness in the "named pipe" implementation that the "Native" SMB implementation in illumos does not share.
The "Native" SMB implementation is not vulnerable to CVE-2017-7494.