CVE-2017-12150 — HIGH (7.4)

Q: How severe is CVE-2017-12150?

CVE-2017-12150 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-12150?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Redhat Gluster Storage.

Vulnerability Description

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Samba	Samba	>= 3.0.25, < 4.4.16
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0
Redhat	Gluster Storage	3.0
Redhat	Enterprise Linux	6.0
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-300

References

http://www.securityfocus.com/bid/100918Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039401Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:2789Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2790Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2791Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2858Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150Issue TrackingMitigationThird Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_naThird Party Advisory
https://security.netapp.com/advisory/ntap-20170921-0001/Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeThird Party Advisory
https://www.debian.org/security/2017/dsa-3983Third Party Advisory
https://www.samba.org/samba/security/CVE-2017-12150.htmlPatchVendor Advisory
http://www.securityfocus.com/bid/100918Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039401Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:2789Third Party Advisory

FAQ

What is CVE-2017-12150?

CVE-2017-12150 is a vulnerability with a CVSS score of 7.4 (HIGH). It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-i...

How severe is CVE-2017-12150?

CVE-2017-12150 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-12150?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Redhat Gluster Storage.