[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2017:2791-01 -- Redhat samba4

ID: oval:org.secpod.oval:def:502140Date: (C)2017-09-25   (M)2023-12-20
Class: PATCHFamily: unix




Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. * An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. Red Hat would like to thank the Samba project for reporting CVE-2017-12150 and Yihan Lian and Zhibin Hu , Stefan Metzmacher , and Jeremy Allison for reporting CVE-2017-12163. Upstream acknowledges Stefan Metzmacher as the original reporter of CVE-2017-12150.

Platform:
Red Hat Enterprise Linux 6
Product:
samba4
Reference:
RHSA-2017:2791-01
CVE-2017-12150
CVE-2017-12163
CVE    2
CVE-2017-12163
CVE-2017-12150
CPE    2
cpe:/o:redhat:enterprise_linux:6
cpe:/a:samba:samba:4

© SecPod Technologies