CVE-2017-12151
27.07.2018, 12:29
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.Enginsight
| Vendor | Product | Version |
|---|---|---|
| samba | samba | 𝑥 < 4.4.16 |
| samba | samba | 4.5.0 ≤ 𝑥 < 4.5.14 |
| samba | samba | 4.6.0 ≤ 𝑥 < 4.6.8 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_workstation | 7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-300 - Channel Accessible by Non-EndpointThe product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.
- CWE-310 -
References