May 15, 2024, 4:47 p.m. | David Eduardo Karpinski

System Weakness - Medium

All right, guys. Today I want to share with you how I was able to arbitrarily read e-mails with sensitive information from a Dovecot server by exploiting the Samba is_known_pipename() Arbitrary Module Load vulnerability.

CVE-2017-7494: is_known_pipename()

This module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some cases, anonymous access …

