Red Hat Enterprise Linux CVE-2017-7494 (a remote code execution flaw was found in Samba) malicious authenticated samba client having write access to the samba share could use this flaw to execute arbitrary code as root
Workaround – add the parameter
nt pipe support = no
to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing any named pipe endpoints. Note this can disable some expected functionality for Windows clients e.g. when you type \\10.100.10.2\ from Windows Explorer on a samba server you would get a permission denied Windows clients would have to manually specify the share as \\10.100.10.2\share_name to access the share