PT-2017-4079 · Samba+5 · Samba+5

Publicado

2017-09-20

·

Atualizado

2024-06-15

·

CVE-2017-12163

CVSS v3.1

7.1

Alta

VetorAV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.4.16 Samba versions 4.5.x prior to 4.5.14 Samba versions 4.6.x prior to 4.6.8
Description An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the Samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. This issue allows attackers with write access to a share to cause server memory contents to be written into a file or printer, potentially leading to access to confidential data and disruption of its integrity.
Recommendations For Samba versions prior to 4.4.16, update to version 4.4.16 or later. For Samba versions 4.5.x prior to 4.5.14, update to version 4.5.14 or later. For Samba versions 4.6.x prior to 4.6.8, update to version 4.6.8 or later.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2017-2287
ALT-PU-2017-2288
ALT-PU-2018-2488
ALT-PU-2018-2489
BDU:2021-01433
CESA-2017_2789
CESA-2017_2790
CESA-2017_2791
CVE-2017-12163
DLA-1110-1
DSA-3983-1
ECHO-B637-4C23-E5D3
MGASA-2018-0022
MGASA-2018-0023
OPENSUSE-SU-2024:11365-1
RHSA-2017:2789
RHSA-2017:2790
RHSA-2017:2791
RHSA-2017:2858
RHSA-2017_2789
RHSA-2017_2790
RHSA-2017_2791
SUSE-SU-2017:2650-1
SUSE-SU-2017:2695-1
SUSE-SU-2017:2704-1
SUSE-SU-2017:2715-1
SUSE-SU-2017:2726-1
SUSE-SU-2017:2971-1
SUSE-SU-2017:3155-1
USN-3426-1
USN-3426-2

Produtos afetados

Alt Linux
Centos
Red Hat
Samba
Suse
Ubuntu