CVE-2017-15275 — HIGH (7.5)

Q: What is CVE-2017-15275?

CVE-2017-15275 is a vulnerability with a CVSS score of 7.5 (HIGH). Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

Q: How severe is CVE-2017-15275?

CVE-2017-15275 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-15275?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.

Vulnerability Description

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Samba	Samba	>= 3.6.0, < 4.5.15
Canonical	Ubuntu Linux	14.04
Debian	Debian Linux	8.0
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-119

References

http://www.securityfocus.com/bid/101908Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039855Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-3486-1Third Party Advisory
http://www.ubuntu.com/usn/USN-3486-2Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3260Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3261Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3278Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00029.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/201805-07Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeThird Party Advisory
https://www.debian.org/security/2017/dsa-4043Third Party Advisory
https://www.samba.org/samba/security/CVE-2017-15275.htmlVendor Advisory
https://www.synology.com/support/security/Synology_SA_17_72_SambaThird Party Advisory
http://www.securityfocus.com/bid/101908Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039855Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-15275?

CVE-2017-15275 is a vulnerability with a CVSS score of 7.5 (HIGH). Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

How severe is CVE-2017-15275?

CVE-2017-15275 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-15275?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.