CESA-2017:2791 -- centos 6 samba4ID: oval:org.secpod.oval:def:204558 | Date: (C)2017-09-27 (M)2023-07-28 |
Class: PATCH | Family: unix |
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. * An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. Red Hat would like to thank the Samba project for reporting CVE-2017-12150 and Yihan Lian and Zhibin Hu , Stefan Metzmacher , and Jeremy Allison for reporting CVE-2017-12163. Upstream acknowledges Stefan Metzmacher as the original reporter of CVE-2017-12150.