Published: 27/07/2018 Updated: 09/10/2019

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an malicious user to read or alter the contents of the connection via a man-in-the-middle attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
samba samba
redhat enterprise linux workstation 7.0
redhat enterprise linux server eus 7.4
redhat enterprise linux server eus 7.5
redhat enterprise linux 7.0
redhat enterprise linux server aus 7.4
debian debian linux 9.0
redhat enterprise linux desktop 7.0
debian debian linux 8.0
hp cifs server b.04.05.11.00

Samba could be made to expose sensitive information over the network ...

Multiple security issues have been discoverd in Samba, a SMB/CIFS file, print, and login server for Unix: CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced CVE-2017-12151 Stefan Metzmacher discovered that tools using libsmbclient did not enforce encryption when following DFS redirec ...

Synopsis Moderate: samba security update Type/Severity Security Advisory: Moderate Topic An update for samba is now available for Red Hat Gluster Storage 33 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring ...

Synopsis Moderate: samba security update Type/Severity Security Advisory: Moderate Topic An update for samba is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which ...

Synopsis Moderate: samba security update Type/Severity Security Advisory: Moderate Topic An update for samba is now available for Red Hat Gluster Storage 33 for RHEL 6 and Red Hat Gluster Storage 33 for RHEL 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common ...

Server memory information leak over SMB1:An information leak flaw was found in the way SMB1 protocol was implemented by Samba A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker (CVE-2017-12163) SMB2 c ...

CWE-310 https://www.samba.org/samba/security/CVE-2017-12151.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151 https://www.debian.org/security/2017/dsa-3983 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us https://security.netapp.com/advisory/ntap-20170921-0001/https://access.redhat.com/errata/RHSA-2017:2858 https://access.redhat.com/errata/RHSA-2017:2790 http://www.securitytracker.com/id/1039401 http://www.securityfocus.com/bid/100917 https://usn.ubuntu.com/3426-1/https://nvd.nist.gov

CVE-2017-12151

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect