RHSA-2017:2791-01 -- Redhat samba4ID: oval:org.secpod.oval:def:502140 | Date: (C)2017-09-25 (M)2023-12-20 |
Class: PATCH | Family: unix |
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. * An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. Red Hat would like to thank the Samba project for reporting CVE-2017-12150 and Yihan Lian and Zhibin Hu , Stefan Metzmacher , and Jeremy Allison for reporting CVE-2017-12163. Upstream acknowledges Stefan Metzmacher as the original reporter of CVE-2017-12150.
Platform: |
Red Hat Enterprise Linux 6 |