Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-12163

Опубликовано: 20 сент. 2017
Источник: redhat
CVSS3: 4.1
EPSS Средний

Описание

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

Меры по смягчению последствий

As this is an SMB1-only vulnerability, it can be avoided by setting the server to only use SMB2 via adding: server min protocol = SMB2_02 to the [global] section of your smb.conf and restarting smbd.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5sambaWill not fix
Red Hat Enterprise Linux 6sambaFixedRHSA-2017:278921.09.2017
Red Hat Enterprise Linux 6samba4FixedRHSA-2017:279121.09.2017
Red Hat Enterprise Linux 7sambaFixedRHSA-2017:279021.09.2017
Red Hat Gluster Storage 3.3 for RHEL 6sambaFixedRHSA-2017:285804.10.2017
Red Hat Gluster Storage 3.3 for RHEL 7sambaFixedRHSA-2017:285804.10.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1491206Samba: Server memory information leak over SMB1

EPSS

Процентиль: 95%
0.19516
Средний

4.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-12163

CVSS3: 4.1
ubuntu
почти 7 лет назад

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

nvd логотип

CVE-2017-12163

CVSS3: 4.1
nvd
почти 7 лет назад

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

debian логотип

CVE-2017-12163

CVSS3: 4.1
debian
почти 7 лет назад

An information leak flaw was found in the way SMB1 protocol was implem ...

github логотип

GHSA-hvhw-9wrg-hf3q

CVSS3: 7.1
github
около 3 лет назад

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

fstec логотип

BDU:2021-01433

CVSS3: 7.1
fstec
почти 7 лет назад

Уязвимость реализации протокола SMB1 пакета программ сетевого взаимодействия Samba, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

EPSS

Процентиль: 95%
0.19516
Средний

4.1 Medium

CVSS3