PT-2017-3735 · Samba+5 · Samba+5

Stefan Metzmacher

Publicado

2017-09-20

Atualizado

2024-06-15

CVE-2017-12150

CVSS v3.1

7.4

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.4.16 Samba versions 4.5.x prior to 4.5.14 Samba versions 4.6.x prior to 4.6.8

Description: The issue is related to the lack of enforcement of "SMB signing" in certain configuration options, allowing a remote attacker to launch a man-in-the-middle attack and retrieve information in plain-text. This enables the attacker to hijack client connections.

Recommendations: For Samba versions prior to 4.4.16, update to version 4.4.16 or later. For Samba versions 4.5.x prior to 4.5.14, update to version 4.5.14 or later. For Samba versions 4.6.x prior to 4.6.8, update to version 4.6.8 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-300

Identificadores relacionados

ALT-PU-2017-2287

ALT-PU-2017-2288

ALT-PU-2018-2488

ALT-PU-2018-2489

AZL-45336

BDU:2019-00223

BDU:2019-00224

CESA-2017_2789

CESA-2017_2790

CESA-2017_2791

CVE-2017-12150

DLA-1110-1

DSA-3983-1

ECHO-FA4E-222F-E146

MGASA-2018-0022

MGASA-2018-0023

OPENSUSE-SU-2024:11365-1

RHSA-2017:2789

RHSA-2017:2790

RHSA-2017:2791

RHSA-2017:2858

RHSA-2017_2789

RHSA-2017_2790

RHSA-2017_2791

SUSE-SU-2017:2650-1

SUSE-SU-2017:2695-1

SUSE-SU-2017:2704-1

SUSE-SU-2017:2715-1

SUSE-SU-2017:2726-1

SUSE-SU-2017:2971-1

SUSE-SU-2017:3155-1

SUSE-SU-2017_2650-1

SUSE-SU-2017_2695-1

SUSE-SU-2017_2704-1

SUSE-SU-2017_2715-1

SUSE-SU-2017_2726-1

SUSE-SU-2017_2971-1

SUSE-SU-2017_3155-1

USN-3426-1

USN-3426-2

Produtos afetados

Alt Linux

Centos

Red Hat

Samba

Suse

Ubuntu

PT-2017-3735 · Samba+5 · Samba+5

CVE-2017-12150

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 157