Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-12151

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

Published

2018-07-27T12:29:00.223

Last Modified

2024-11-21T03:08:56.363

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.4 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-300
Type: Primary
CWE-310

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	samba	samba	< 4.4.16	Yes
Application	samba	samba	< 4.5.14	Yes
Application	samba	samba	< 4.6.8	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_server_aus	7.4	Yes
Operating System	redhat	enterprise_linux_server_eus	7.4	Yes
Operating System	redhat	enterprise_linux_server_eus	7.5	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Application	hp	cifs_server	b.04.05.11.00	Yes

References

http://www.securityfocus.com/bid/100917 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1039401 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2017:2790 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:2858 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151 Issue Tracking, Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20170921-0001/ Third Party Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us Third Party Advisory ([email protected])
https://www.debian.org/security/2017/dsa-3983 Third Party Advisory ([email protected])
https://www.samba.org/samba/security/CVE-2017-12151.html Mitigation, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/100917 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039401 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2790 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2858 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20170921-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2017/dsa-3983 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.samba.org/samba/security/CVE-2017-12151.html Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)