Samba up to 4.4.15/4.5.12/4.6.7 information disclosure

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as critical, was found in Samba up to 4.4.15/4.5.12/4.6.7 (File Transfer Software). Affected is an unknown code. Upgrading to version 4.4.16, 4.5.14 or 4.6.8 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field01/14/2021 11:37 AM01/14/2021 11:43 AM01/14/2021 11:48 AM
nessus_typelocallocallocal
nessus_date1506038400 (09/22/2017)1506038400 (09/22/2017)1506038400 (09/22/2017)
openvas_id537545375453754
openvas_filenamedeb_3983.nasldeb_3983.nasldeb_3983.nasl
openvas_titleDebian Security Advisory DSA 3983-1 (samba - security update)Debian Security Advisory DSA 3983-1 (samba - security update)Debian Security Advisory DSA 3983-1 (samba - security update)
openvas_familyDebian Local Security ChecksDebian Local Security ChecksDebian Local Security Checks
qualys_id236504236504236504
qualys_titleRed Hat Update for samba (RHSA-2017:2789)Red Hat Update for samba (RHSA-2017:2789)Red Hat Update for samba (RHSA-2017:2789)
seealso107074 107075107074 107075107074 107075
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcCCC
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
cvss3_nvd_basescore7.17.17.1
typeFile Transfer SoftwareFile Transfer SoftwareFile Transfer Software
nameSambaSambaSamba
version<=4.4.15/4.5.12/4.6.7<=4.4.15/4.5.12/4.6.7<=4.4.15/4.5.12/4.6.7
cwe200 (information disclosure)200 (information disclosure)200 (information disclosure)
risk222
historic000
cvss2_vuldb_basescore6.06.06.0
cvss2_vuldb_tempscore5.25.25.2
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auSSS
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_nvd_avAAA
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciPPP
cvss2_nvd_iiPPP
cvss2_nvd_aiNNN
cvss3_meta_basescore6.76.76.7
cvss3_meta_tempscore6.46.46.4
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore6.06.06.0
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_nvd_avAAA
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iLLL
cvss3_nvd_aNNN
date1505952000 (09/21/2017)1505952000 (09/21/2017)1505952000 (09/21/2017)
locationWebsiteWebsiteWebsite
typeAdvisoryAdvisoryAdvisory
urlhttps://www.samba.org/samba/security/CVE-2017-12150.htmlhttps://www.samba.org/samba/security/CVE-2017-12150.htmlhttps://www.samba.org/samba/security/CVE-2017-12150.html
disputed000
price_0day$0-$5k$0-$5k$0-$5k
nameUpgradeUpgradeUpgrade
upgrade_version4.4.16/4.5.14/4.6.84.4.16/4.5.14/4.6.84.4.16/4.5.14/4.6.8
cveCVE-2017-12163CVE-2017-12163CVE-2017-12163
cve_nvd_published153255600015325560001532556000
oval_idoval:org.cisecurity:def:5120oval:org.cisecurity:def:5120oval:org.cisecurity:def:5120
securityfocus100925100925100925
securityfocus_titleSamba CVE-2017-12163 Arbitrary File Write VulnerabilitySamba CVE-2017-12163 Arbitrary File Write VulnerabilitySamba CVE-2017-12163 Arbitrary File Write Vulnerability
sectracker103940110394011039401
sectracker_date1505952000 (09/21/2017)1505952000 (09/21/2017)1505952000 (09/21/2017)
sectracker_causeAccess control errorAccess control errorAccess control error
nessus_id103408103408103408
nessus_nameRHEL 6 : samba4 (RHSA-2017:2791)RHEL 6 : samba4 (RHSA-2017:2791)RHEL 6 : samba4 (RHSA-2017:2791)
nessus_filenameredhat-RHSA-2017-2791.naslredhat-RHSA-2017-2791.naslredhat-RHSA-2017-2791.nasl
nessus_riskMediumMediumMedium
nessus_familyRed Hat Local Security ChecksRed Hat Local Security ChecksRed Hat Local Security Checks
discoverydate150595200015059520001505952000
company_nameQihoo 360 GearTeamQihoo 360 GearTeamQihoo 360 GearTeam
confirm_urlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163
date1505952000 (09/21/2017)1505952000 (09/21/2017)1505952000 (09/21/2017)
cve_assigned150154560015015456001501545600
securityfocus_date1505865600 (09/20/2017)1505865600 (09/20/2017)1505865600 (09/20/2017)
securityfocus_classDesign ErrorDesign ErrorDesign Error
cve_nvd_summaryAn information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
cvss2_nvd_basescore4.84.84.8
cve_cnaRed Hat, Inc.Red Hat, Inc.
person_nameYihan Lian/Zhibin Hu

Interested in the pricing of exploits?

See the underground prices here!