Samba up to 4.4.15/4.5.12/4.6.7 Signing 7pk security


A vulnerability classified as critical was found in Samba up to 4.4.15/4.5.12/4.6.7 (File Transfer Software). This vulnerability affects some unknown functionality of the component Signing Handler. Upgrading to version 4.4.16, 4.5.14 or 4.6.8 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 11/19/2019 10:23 AM | 01/14/2021 11:16 AM | 01/14/2021 11:19 AM |
|---|---|---|---|
| type | File Transfer Software | File Transfer Software | File Transfer Software |
| name | Samba | Samba | Samba |
| version | <=4.4.15/4.5.12/4.6.7 | <=4.4.15/4.5.12/4.6.7 | <=4.4.15/4.5.12/4.6.7 |
| component | Signing Handler | Signing Handler | Signing Handler |
| cwe | 254 (privilege escalation) | 254 (privilege escalation) | 254 (privilege escalation) |
| risk | 2 | 2 | 2 |
| historic | 0 | 0 | 0 |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.9 | 5.9 | 5.9 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | M | M | M |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | N | N | N |
| cvss3_meta_basescore | 6.5 | 6.5 | 6.5 |
| cvss3_meta_tempscore | 6.2 | 6.2 | 6.2 |
| cvss3_vuldb_basescore | 5.6 | 5.6 | 5.6 |
| cvss3_vuldb_tempscore | 5.4 | 5.4 | 5.4 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | H | H | H |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | H | H | H |
| cvss3_nvd_pr | N | N | N |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | N | N | N |
| date | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) |
| location | Website | Website | Website |
| type | Advisory | Advisory | Advisory |
| url | https://www.samba.org/samba/security/CVE-2017-12150.html | https://www.samba.org/samba/security/CVE-2017-12150.html | https://www.samba.org/samba/security/CVE-2017-12150.html |
| person_name | Stefan Metzmacher | Stefan Metzmacher | Stefan Metzmacher |
| disputed | 0 | 0 | 0 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 4.4.16/4.5.14/4.6.8 | 4.4.16/4.5.14/4.6.8 | 4.4.16/4.5.14/4.6.8 |
| cve | CVE-2017-12150 | CVE-2017-12150 | CVE-2017-12150 |
| cve_nvd_published | 1532556000 | 1532556000 | 1532556000 |
| oval_id | oval:org.cisecurity:def:5118 | oval:org.cisecurity:def:5118 | oval:org.cisecurity:def:5118 |
| securityfocus | 100918 | 100918 | 100918 |
| securityfocus_title | Samba CVE-2017-12150 Man in the Middle Security Bypass Vulnerability | Samba CVE-2017-12150 Man in the Middle Security Bypass Vulnerability | Samba CVE-2017-12150 Man in the Middle Security Bypass Vulnerability |
| sectracker | 1039401 | 1039401 | 1039401 |
| sectracker_date | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) |
| sectracker_cause | Access control error | Access control error | Access control error |
| nessus_id | 103408 | 103408 | 103408 |
| nessus_name | RHEL 6 : samba4 (RHSA-2017:2791) | RHEL 6 : samba4 (RHSA-2017:2791) | RHEL 6 : samba4 (RHSA-2017:2791) |
| nessus_filename | redhat-RHSA-2017-2791.nasl | redhat-RHSA-2017-2791.nasl | redhat-RHSA-2017-2791.nasl |
| nessus_risk | Medium | Medium | Medium |
| nessus_family | Red Hat Local Security Checks | Red Hat Local Security Checks | Red Hat Local Security Checks |
| nessus_type | local | local | local |
| nessus_date | 1506038400 (09/22/2017) | 1506038400 (09/22/2017) | 1506038400 (09/22/2017) |
| openvas_id | 53754 | 53754 | 53754 |
| openvas_filename | deb_3983.nasl | deb_3983.nasl | deb_3983.nasl |
| openvas_title | Debian Security Advisory DSA 3983-1 (samba - security update) | Debian Security Advisory DSA 3983-1 (samba - security update) | Debian Security Advisory DSA 3983-1 (samba - security update) |
| openvas_family | Debian Local Security Checks | Debian Local Security Checks | Debian Local Security Checks |
| qualys_id | 157562 | 157562 | 157562 |
| qualys_title | Oracle Enterprise Linux Security Update for samba (ELSA-2017-2789) | Oracle Enterprise Linux Security Update for samba (ELSA-2017-2789) | Oracle Enterprise Linux Security Update for samba (ELSA-2017-2789) |
| seealso | 107075 107076 | 107075 107076 | 107075 107076 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| cvss3_nvd_basescore | 7.4 | 7.4 | 7.4 |
| discoverydate | 1505952000 | 1505952000 | 1505952000 |
| confirm_url | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150 |
| date | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) |
| cve_assigned | 1501545600 | 1501545600 | 1501545600 |
| securityfocus_date | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) |
| securityfocus_class | Design Error | Design Error | Design Error |
| cve_nvd_summary | | It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. | It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. |
| cvss2_nvd_basescore | | 5.8 | 5.8 |
| cve_cna | | | Red Hat, Inc. |
