← Back

CVE-2017-12151

nvd nist
Published: Jul 27, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.4
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 / Impact: 5.2
Source: NVD

Description

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

Affected (12)

Show all products
Samba: Samba · Debian: Debian Linux · Redhat: Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Workstation · Hp: Cifs Server
Samba
1 product
Samba
Debian
1 product
Debian Linux
Redhat
5 products
Enterprise Linux
Enterprise Linux Desktop
Enterprise Linux Server Aus
Enterprise Linux Server Eus
Enterprise Linux Workstation
Hp
1 product
Cifs Server
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Samba
Samba
Before 4.4.16
Samba
From 4.5.0 to 4.5.14
Samba
From 4.6.0 to 4.6.8
Configuration B
8 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 8.0
Debian Linux
Version 9.0
Enterprise Linux
Version 7.0
Enterprise Linux Desktop
Version 7.0
Enterprise Linux Server Aus
Version 7.4
Redhat
Enterprise Linux Server Eus
Version 7.4
Enterprise Linux Server Eus
Version 7.5
Enterprise Linux Workstation
Version 7.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Cifs Server
Version b.04.05.11.00

Related CWEs

CWE-300
Channel Accessible by Non-Endpoint
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.
CWE-310
CWE-310

References (18)

Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory

Timeline

No history available yet.