CVE-2017-12151

Sažetak

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

Reference

http://www.securityfocus.com/bid/100917
http://www.securitytracker.com/id/1039401
https://access.redhat.com/errata/RHSA-2017:2790
https://access.redhat.com/errata/RHSA-2017:2858
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151
https://security.netapp.com/advisory/ntap-20170921-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
https://www.debian.org/security/2017/dsa-3983
https://www.samba.org/samba/security/CVE-2017-12151.html

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

09-10-2019 - 23:22

Objavljeno

27-07-2018 - 12:29