Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-12163

Опубликовано: 26 июл. 2018
Источник: nvd
CVSS3: 4.1
CVSS3: 7.1
CVSS2: 4.8
EPSS Средний

Описание

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия до 4.4.16 (исключая)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.5.0 (включая) до 4.5.14 (исключая)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.6.0 (включая) до 4.6.8 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 95%
0.19272
Средний

4.1 Medium

CVSS3

7.1 High

CVSS3

4.8 Medium

CVSS2

Дефекты

CWE-200
CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2017-12163

CVSS3: 4.1
ubuntu
почти 7 лет назад

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

redhat логотип

CVE-2017-12163

CVSS3: 4.1
redhat
почти 8 лет назад

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

debian логотип

CVE-2017-12163

CVSS3: 4.1
debian
почти 7 лет назад

An information leak flaw was found in the way SMB1 protocol was implem ...

github логотип

GHSA-hvhw-9wrg-hf3q

CVSS3: 7.1
github
около 3 лет назад

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

fstec логотип

BDU:2021-01433

CVSS3: 7.1
fstec
почти 7 лет назад

Уязвимость реализации протокола SMB1 пакета программ сетевого взаимодействия Samba, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

EPSS

Процентиль: 95%
0.19272
Средний

4.1 Medium

CVSS3

7.1 High

CVSS3

4.8 Medium

CVSS2

Дефекты

CWE-200
CWE-200