PT-2017-3735 · Samba+5 · Samba+5

Stefan Metzmacher

Published

2017-09-20

Updated

2024-06-15

CVE-2017-12150

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.4.16 Samba versions 4.5.x prior to 4.5.14 Samba versions 4.6.x prior to 4.6.8

Description: The issue is related to the lack of enforcement of "SMB signing" in certain configuration options, allowing a remote attacker to launch a man-in-the-middle attack and retrieve information in plain-text. This enables the attacker to hijack client connections.

Recommendations: For Samba versions prior to 4.4.16, update to version 4.4.16 or later. For Samba versions 4.5.x prior to 4.5.14, update to version 4.5.14 or later. For Samba versions 4.6.x prior to 4.6.8, update to version 4.6.8 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-300

Related Identifiers

ALT-PU-2017-2287

ALT-PU-2017-2288

ALT-PU-2018-2488

ALT-PU-2018-2489

AZL-45336

BDU:2019-00223

BDU:2019-00224

CESA-2017_2789

CESA-2017_2790

CESA-2017_2791

CVE-2017-12150

DLA-1110-1

DSA-3983-1

ECHO-FA4E-222F-E146

MGASA-2018-0022

MGASA-2018-0023

OPENSUSE-SU-2024:11365-1

RHSA-2017:2789

RHSA-2017:2790

RHSA-2017:2791

RHSA-2017:2858

RHSA-2017_2789

RHSA-2017_2790

RHSA-2017_2791

SUSE-SU-2017:2650-1

SUSE-SU-2017:2695-1

SUSE-SU-2017:2704-1

SUSE-SU-2017:2715-1

SUSE-SU-2017:2726-1

SUSE-SU-2017:2971-1

SUSE-SU-2017:3155-1

SUSE-SU-2017_2650-1

SUSE-SU-2017_2695-1

SUSE-SU-2017_2704-1

SUSE-SU-2017_2715-1

SUSE-SU-2017_2726-1

SUSE-SU-2017_2971-1

SUSE-SU-2017_3155-1

USN-3426-1

USN-3426-2

Affected Products

Alt Linux

Centos

Red Hat

Samba

Suse

Ubuntu

PT-2017-3735 · Samba+5 · Samba+5

CVE-2017-12150

Weakness Enumeration

Related Identifiers

Affected Products

References · 157