Unrated severity · NVD Advisory · Published Jul 27, 2018 · Updated Aug 5, 2024
CVE-2017-12151
Description
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
Affected products (19)
- osv-coords, 18 versions:
  - pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%205
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/samba&distro=SUSE%20OpenStack%20Cloud%206
- (no CPE) range: < 4.14.6+git.182.2205d5224e3-1.1
- (no CPE) range: < 4.6.9+git.59.c2cff9cea4c-3.17.1
- (no CPE) range: < 4.4.2-38.11.2
- (no CPE) range: < 4.6.7+git.51.327af8d0a11-3.12.1
- (no CPE) range: < 4.2.4-18.44.2
- (no CPE) range: < 4.4.2-38.11.2
- (no CPE) range: < 4.6.7+git.51.327af8d0a11-3.12.1
- (no CPE) range: < 4.2.4-28.19.3
- (no CPE) range: < 4.4.2-38.11.2
- (no CPE) range: < 4.6.7+git.51.327af8d0a11-3.12.1
- (no CPE) range: < 4.2.4-18.44.2
- (no CPE) range: < 4.4.2-38.11.2
- (no CPE) range: < 4.2.4-28.19.3
- (no CPE) range: < 4.4.2-38.11.2
- (no CPE) range: < 4.6.7+git.51.327af8d0a11-3.12.1
- (no CPE) range: < 4.4.2-38.11.2
- (no CPE) range: < 4.6.7+git.51.327af8d0a11-3.12.1
- (no CPE) range: < 4.2.4-28.19.3
- Range: 4.4.16
Patches
No patches discovered yet.
References (9)
- access.redhat.com/errata/RHSA-2017:2790 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2017:2858 (mitre, vendor-advisory, x_refsource_REDHAT)
- www.debian.org/security/2017/dsa-3983 (mitre, vendor-advisory, x_refsource_DEBIAN)
- www.securityfocus.com/bid/100917 (mitre, vdb-entry, x_refsource_BID)
- www.securitytracker.com/id/1039401 (mitre, vdb-entry, x_refsource_SECTRACK)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- security.netapp.com/advisory/ntap-20170921-0001/ (mitre, x_refsource_CONFIRM)
- support.hpe.com/hpsc/doc/public/display (mitre, x_refsource_CONFIRM)
- www.samba.org/samba/security/CVE-2017-12151.html (mitre, x_refsource_CONFIRM)