Oracle Solaris 11: CVE-2017-12151: Vulnerability in Samba
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:N/C:P/I:P/A:P) | November 30, 2017 | November 30, 2017 | July 30, 2018 |
Description
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
oracle-solaris-11-3-upgrade-library-samba-libsmbclient-4-4-16-0-175-3-25-0-3-0Related Vulnerabilities
- Oracle Linux: (CVE-2017-12151) ELSA-2017-2790: samba security update
- Ubuntu: USN-3426-1 (CVE-2017-12151): Samba vulnerabilities
- Alpine Linux: CVE-2017-12151: samba Multiple vulnerabilities
- Samba CVE-2017-12151: Numerous CVEs. Please see the announcements for details.
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- CentOS: (CVE-2017-12151) CESA-2017:2790: samba
- Debian: CVE-2017-12151: samba -- security update
- Amazon Linux AMI: CVE-2017-12151: Security patch for samba (ALAS-2017-909)
- Red Hat: CVE-2017-12151: Moderate: samba security update (RHSA-2017:2790)
- Huawei EulerOS: CVE-2017-12151: samba security update
- HP-UX: CVE-2017-12151: HPESBUX03817 rev.2 - HP-UX CIFS Server, Local and Remote Vulnerabilities
- Huawei EulerOS: CVE-2017-12151: samba security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6