DSA-3983-1 samba -- sambaID: oval:org.secpod.oval:def:603114 | Date: (C)2017-09-26 (M)2023-12-20 |
Class: PATCH | Family: unix |
Multiple security issues have been discoverd in Samba, a SMB/CIFS file, print, and login server for Unix: CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12151 Stefan Metzmacher discovered that tools using libsmbclient did not enforce encryption when following DFS redirects, which could allow a man-in-the-middle attacker to read or modify connections which were meant to be encrypted. CVE-2017-12163 Yihan Lian and Zhibin Hu discovered that insufficient range checks in the processing of SMB1 write requests could result in disclosure of server memory.
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
samba |
libparse-pidl-perl |
registry-tools |
libpam-winbind |
libsmbclient |
smbclient |
winbind |
libwbclient-dev |
libwbclient0 |
python-samba |
ctdb |
libnss-winbind |