An update for samba4 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible machines
to share files, printers, and other information.

* A remote code execution flaw was found in Samba. A malicious authenticated
Samba client, having write access to the Samba share, could use this flaw to
execute arbitrary code as root. (CVE-2017-7494)

Red Hat would like to thank the Samba project for reporting this issue. Upstream
acknowledges steelo as the original reporter.

1450347 – CVE-2017-7494 samba: Loading shared modules from any path in the system leading to RCE
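
Added example, not part of Red Hat's advisory: a triage script that lists the shares in an smb.conf that meet the flaw's precondition (a client can write to them). The sample configuration is constructed, and the `nt pipe support` check reflects the workaround given in upstream Samba's advisory for this CVE, which this page does not mention.

```python
import re

# Constructed sample smb.conf, embedded so the example runs offline.
SAMPLE_CONF = """\
[global]
    ; nt pipe support = no
[public]
    read only = yes
[uploads]
    writable = yes
[scratch]
    Read Only = No
[reports]
    write list = @finance
"""

TRUE = {"yes", "true", "1", "on"}
# "writable", "writeable" and "write ok" are inverted synonyms of "read only".
WRITE_SYNONYMS = {"writable", "writeable", "write ok"}

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names lower-cased, last setting wins."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            if key in WRITE_SYNONYMS:  # normalise to "read only"
                key, value = "read only", "no" if value.lower() in TRUE else "yes"
            current[key] = value
    return sections

def audit(text):
    """Report shares that grant write access and whether named pipes are off."""
    conf = parse_smb_conf(text)
    glob = conf.pop("global", {})
    exposed = []
    for name, params in conf.items():
        merged = {**glob, **params}  # [global] supplies per-share defaults
        read_only = merged.get("read only", "yes").lower() in TRUE
        # A "write list" grants write access even on a read-only share.
        if not read_only or merged.get("write list", "").strip():
            exposed.append(name)
    pipes_off = glob.get("nt pipe support", "yes").lower() not in TRUE
    return {"writable_shares": sorted(exposed), "nt_pipe_support_disabled": pipes_off}
```

Run `audit(open("/etc/samba/smb.conf").read())` on a host to see which shares to review first; `include` directives and file-system permissions are outside what this sketch evaluates.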