Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDebian
OSDebian8.0Samba
APPSamba3.5.0 – 4.4.0 (bez)4.4.0 – 4.4.14 (bez)4.5.0 – 4.5.10 (bez)4.6.0 – 4.6.4 (bez)
CISA KEV — detailsi
- Vendori
- Samba
- Producti
- Samba
- Added to KEVi
- March 30, 2023
- Remediation deadline (US Federal)i
- April 20, 2023(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki