A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100917 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039401 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2017:2790 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2017:2858 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151 | Issue Tracking Third Party Advisory |
https://security.netapp.com/advisory/ntap-20170921-0001/ | Third Party Advisory |
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us | Third Party Advisory |
https://www.debian.org/security/2017/dsa-3983 | Third Party Advisory |
https://www.samba.org/samba/security/CVE-2017-12151.html | Mitigation Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-07-27T12:00:00
Updated: 2018-07-31T15:57:01
Reserved: 2017-08-01T00:00:00
Link: CVE-2017-12151
JSON object: View
NVD Information
Status : Modified
Published: 2018-07-27T12:29:00.223
Modified: 2019-10-09T23:22:22.637
Link: CVE-2017-12151
JSON object: View
Redhat Information
No data.