RHSA-2017:2789-01 -- Redhat sambaID: oval:org.secpod.oval:def:502139 | Date: (C)2017-09-25 (M)2023-12-20 |
Class: PATCH | Family: unix |
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. * It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. * An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. Red Hat would like to thank the Samba project for reporting CVE-2017-2619 and CVE-2017-12150 and Yihan Lian and Zhibin Hu , Stefan Metzmacher , and Jeremy Allison for reporting CVE-2017-12163. Upstream acknowledges Jann Horn as the original reporter of CVE-2017-2619; and Stefan Metzmacher as the original reporter of CVE-2017-12150.
Platform: |
Red Hat Enterprise Linux 6 |