CVE-2017-12150

Опубликовано: 20 сент. 2017

Источник: redhat

CVSS3: 7.4

Описание

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

Меры по смягчению последствий

The missing implied signing for 'smb2mount -e', 'smbcacls -e' and 'smbcquotas -e' can be enforced by explicitly using '--signing=required' on the commandline or "client signing = required" in smb.conf.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	samba	Will not fix
Red Hat Enterprise Linux 5	samba3x	Will not fix
Red Hat Enterprise Linux 6	samba	Fixed	RHSA-2017:2789	21.09.2017
Red Hat Enterprise Linux 6	samba4	Fixed	RHSA-2017:2791	21.09.2017
Red Hat Enterprise Linux 7	samba	Fixed	RHSA-2017:2790	21.09.2017
Red Hat Gluster Storage 3.3 for RHEL 6	samba	Fixed	RHSA-2017:2858	04.10.2017
Red Hat Gluster Storage 3.3 for RHEL 7	samba	Fixed	RHSA-2017:2858	04.10.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-300

https://bugzilla.redhat.com/show_bug.cgi?id=1488400samba: Some code path don't enforce smb signing, when they should

7.4 High

CVSS3

Связанные уязвимости

CVE-2017-12150

CVSS3: 7.4

ubuntu

почти 7 лет назад

CVE-2017-12150

CVSS3: 7.4

nvd

почти 7 лет назад

CVE-2017-12150

CVSS3: 7.4

msrc

9 месяцев назад

Описание отсутствует

CVE-2017-12150

CVSS3: 7.4

debian

почти 7 лет назад

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x ...

GHSA-3747-3v6r-p947

CVSS3: 7.4

github

около 3 лет назад

7.4 High

CVSS3