CVE-2017-12151

Published: 27 Jul 2018
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 5.8
CVSS3: 7.4

Description

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

| Release | Status | Note |
|---|---|---|
| devel | released | 2:4.6.7+dfsg-1ubuntu3 |
| esm-infra-legacy/trusty | not-affected | 2:4.3.11+dfsg-0ubuntu0.14.04.12 |
| esm-infra/xenial | not-affected | 2:4.3.11+dfsg-0ubuntu0.16.04.11 |
| precise/esm | not-affected | |
| trusty | released | 2:4.3.11+dfsg-0ubuntu0.14.04.12 |
| trusty/esm | not-affected | 2:4.3.11+dfsg-0ubuntu0.14.04.12 |
| upstream | released | 4.6.8,4.5.14,4.4.16 |
| vivid/ubuntu-core | DNE | |
| xenial | released | 2:4.3.11+dfsg-0ubuntu0.16.04.11 |
| zesty | released | 2:4.5.8+dfsg-0ubuntu0.17.04.7 |

EPSS: 0.021 (Low), percentile: 83%
CVSS2: 5.8 Medium
CVSS3: 7.4 High

Related vulnerabilities

CVSS3: 7.4
redhat
almost 8 years ago

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

CVSS3: 7.4
nvd
almost 7 years ago

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

CVSS3: 7.4
debian
almost 7 years ago

A flaw was found in the way samba client before samba 4.4.16, samba 4. ...

CVSS3: 7.4
github
about 3 years ago

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

CVSS3: 7.4
fstec
almost 8 years ago

A vulnerability in the Samba network interoperability software suite, related to the lack of a requirement for signing and encrypting SMB traffic when DFS redirects are used, which allows an attacker to carry out a man-in-the-middle attack
