PT-2017-4079 · Samba+5 · Samba+5

Published

2017-09-20

·

Updated

2024-06-15

·

CVE-2017-12163

CVSS v3.1

7.1

High

VectorAV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.4.16 Samba versions 4.5.x prior to 4.5.14 Samba versions 4.6.x prior to 4.6.8
Description An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the Samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. This issue allows attackers with write access to a share to cause server memory contents to be written into a file or printer, potentially leading to access to confidential data and disruption of its integrity.
Recommendations For Samba versions prior to 4.4.16, update to version 4.4.16 or later. For Samba versions 4.5.x prior to 4.5.14, update to version 4.5.14 or later. For Samba versions 4.6.x prior to 4.6.8, update to version 4.6.8 or later.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2017-2287
ALT-PU-2017-2288
ALT-PU-2018-2488
ALT-PU-2018-2489
BDU:2021-01433
CESA-2017_2789
CESA-2017_2790
CESA-2017_2791
CVE-2017-12163
DLA-1110-1
DSA-3983-1
ECHO-B637-4C23-E5D3
MGASA-2018-0022
MGASA-2018-0023
OPENSUSE-SU-2024:11365-1
RHSA-2017:2789
RHSA-2017:2790
RHSA-2017:2791
RHSA-2017:2858
RHSA-2017_2789
RHSA-2017_2790
RHSA-2017_2791
SUSE-SU-2017:2650-1
SUSE-SU-2017:2695-1
SUSE-SU-2017:2704-1
SUSE-SU-2017:2715-1
SUSE-SU-2017:2726-1
SUSE-SU-2017:2971-1
SUSE-SU-2017:3155-1
USN-3426-1
USN-3426-2

Affected Products

Alt Linux
Centos
Red Hat
Samba
Suse
Ubuntu