CESA-2017:2789 -- centos 6 sambaID: oval:org.secpod.oval:def:204559 | Date: (C)2017-09-27 (M)2023-07-28 |
Class: PATCH | Family: unix |
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. * It was found that samba did not enforce SMB signing when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. * An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. Red Hat would like to thank the Samba project for reporting CVE-2017-2619 and CVE-2017-12150 and Yihan Lian and Zhibin Hu , Stefan Metzmacher , and Jeremy Allison for reporting CVE-2017-12163. Upstream acknowledges Jann Horn as the original reporter of CVE-2017-2619; and Stefan Metzmacher as the original reporter of CVE-2017-12150.
Product: |
samba |
libsmbclient |