CVE-2017-12163 — MEDIUM (4.1)

Q: How severe is CVE-2017-12163?

CVE-2017-12163 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-12163?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Redhat Gluster Storage.

Vulnerability Description

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

CVSS Score

4.1

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Samba	Samba	< 4.4.16
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0
Redhat	Gluster Storage	3.0
Redhat	Enterprise Linux	6.0
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-200

References

http://www.securityfocus.com/bid/100925Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039401Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:2789Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2790Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2791Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2858Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163Issue TrackingMitigationThird Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_naThird Party Advisory
https://security.netapp.com/advisory/ntap-20170921-0001/Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeThird Party Advisory
https://www.debian.org/security/2017/dsa-3983Third Party Advisory
https://www.samba.org/samba/security/CVE-2017-12163.htmlPatchVendor Advisory
https://www.synology.com/support/security/Synology_SA_17_57_SambaMitigationThird Party Advisory
http://www.securityfocus.com/bid/100925Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039401Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-12163?

CVE-2017-12163 is a vulnerability with a CVSS score of 4.1 (MEDIUM). An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server m...

How severe is CVE-2017-12163?

CVE-2017-12163 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-12163?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Redhat Gluster Storage.