CVE-2017-12150

Description

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
samba	17.10 artful	Fixed 2:4.6.7+dfsg-1ubuntu3
	17.04 zesty	Fixed 2:4.5.8+dfsg-0ubuntu0.17.04.7
	16.04 LTS xenial	Fixed 2:4.3.11+dfsg-0ubuntu0.16.04.11
	14.04 LTS trusty	Fixed 2:4.3.11+dfsg-0ubuntu0.14.04.12

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
samba	Upstream: https://git.samba.org/?p=samba.git;a=commit;h=428ede3dd3bbf3bba86ca1b321bedfcc9aebba79 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=26b87d01b015c83a4670db62839f5c84b6e66478 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=95f6e5b574856453c3ef36ebe9ae86d8456e6404 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=b06322309752f3b666ad38f42ef2e96f1c41a24a Upstream: https://git.samba.org/?p=samba.git;a=commit;h=4a91f4ab82e3f729a12947ff65a74b072dd94acc Upstream: https://git.samba.org/?p=samba.git;a=commit;h=81f1804d45c1b698ee87ee4d4c84197df98ea4f2 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=f14a94b5cd3e9977e8483e8a6ba06f48045edc15 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=f82c235484d03e22ad78a79e9cf2f14c8455df56 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=5d296e6ea32ca2df035dd35e6f21b82390f87f86 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=dc24ef0fc4292a365900270d6b9b66c9cfc0609e Upstream: https://git.samba.org/?p=samba.git;a=commit;h=f30ea84489e9ee6ab65279bc3ea62ce4f954f965 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=609e6b09feb4b00ee52db4a9df258cb9061f4ad8 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=9fb528332f48de59d70d48686e3af4df70206635 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=97a7ddff5d327bf5bcc27c8a88b000b3a187a827 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=b760a464ee3d94edeff6eb10a0b08359d6e98099 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=f42ffde214c3be1d6ba3afd8fe88a3e04470c4bd Upstream: https://git.samba.org/?p=samba.git;a=commit;h=d8c6aceb94ab72991eb538ab5dc388686a177052 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=28f4a8dbd2b82bb8fb9f6224e1641d935766e62a Upstream: https://git.samba.org/?p=samba.git;a=commit;h=28506663282a1457708c38c58437e9eb9c0002bf

Package

Patch details

samba

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.4 · High

Base metrics

Parameter	Value
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality impact	High
Integrity impact	High
Availability impact	None

Scores

Parameter	Value
Base score	7.4 · High
Exploitability score	-
Impact score	-

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References

Related Ubuntu Security Notices (USN)

USN-3426-2
Samba vulnerabilities
2 November 2017

USN-3426-1
Samba vulnerabilities
21 September 2017

CVE-2017-12150

Cvss 3 Severity Score

Description

Status

Patch details

Severity score breakdown

References

Related Ubuntu Security Notices (USN)

Other references

Access our resources on patching vulnerabilities