CVE-2017-12151

Publication date 20 September 2017

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
samba	17.04 zesty	Fixed 2:4.5.8+dfsg-0ubuntu0.17.04.7
	16.04 LTS xenial	Fixed 2:4.3.11+dfsg-0ubuntu0.16.04.11
	14.04 LTS trusty	Fixed 2:4.3.11+dfsg-0ubuntu0.14.04.12

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
samba	Upstream: https://git.samba.org/?p=samba.git;a=commit;h=17019aa27f612f4ccc7131d40c54b26864fef444 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=50f649e7d0b27bcd7eaab7d8223ef9ccd99782dc Upstream: https://git.samba.org/?p=samba.git;a=commit;h=282a1d122f9861b0521fa5a389ad467f8da93bd1 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=157f2a703bcaca9495d50cbd4d48c24b1ceed80d Upstream: https://git.samba.org/?p=samba.git;a=commit;h=3157ccef61bd0698207054daf060cf2986d1d110 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=105cc438c6cb3dc741e861855e3fa5a94a156ff0

Package

Patch details

samba

Severity score breakdown

Parameter	Value
Base score	7.4 · High
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	None
Vector	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References

Related Ubuntu Security Notices (USN)

USN-3426-1
Samba vulnerabilities
21 September 2017

CVE-2017-12151

Cvss 3 Severity Score

Status

Patch details

Severity score breakdown

References

Related Ubuntu Security Notices (USN)

Other references