VDB-107076 · CVE-2017-12163 · BID 100925

Samba up to 4.4.15/4.5.12/4.6.7 information disclosure

A vulnerability, which was classified as critical, was found in Samba up to 4.4.15/4.5.12/4.6.7 (File Transfer Software). Affected is an unknown code. Upgrading to version 4.4.16, 4.5.14 or 4.6.8 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field	01/14/2021 11:37 AM	01/14/2021 11:43 AM	01/14/2021 11:48 AM
nessus_type	local	local	local
nessus_date	1506038400 (09/22/2017)	1506038400 (09/22/2017)	1506038400 (09/22/2017)
openvas_id	53754	53754	53754
openvas_filename	deb_3983.nasl	deb_3983.nasl	deb_3983.nasl
openvas_title	Debian Security Advisory DSA 3983-1 (samba - security update)	Debian Security Advisory DSA 3983-1 (samba - security update)	Debian Security Advisory DSA 3983-1 (samba - security update)
openvas_family	Debian Local Security Checks	Debian Local Security Checks	Debian Local Security Checks
qualys_id	236504	236504	236504
qualys_title	Red Hat Update for samba (RHSA-2017:2789)	Red Hat Update for samba (RHSA-2017:2789)	Red Hat Update for samba (RHSA-2017:2789)
seealso	107074 107075	107074 107075	107074 107075
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
cvss3_nvd_basescore	7.1	7.1	7.1
type	File Transfer Software	File Transfer Software	File Transfer Software
name	Samba	Samba	Samba
version	<=4.4.15/4.5.12/4.6.7	<=4.4.15/4.5.12/4.6.7	<=4.4.15/4.5.12/4.6.7
cwe	200 (information disclosure)	200 (information disclosure)	200 (information disclosure)
risk	2	2	2
historic	0	0	0
cvss2_vuldb_basescore	6.0	6.0	6.0
cvss2_vuldb_tempscore	5.2	5.2	5.2
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	S	S	S
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_nvd_av	A	A	A
cvss2_nvd_ac	L	L	L
cvss2_nvd_au	N	N	N
cvss2_nvd_ci	P	P	P
cvss2_nvd_ii	P	P	P
cvss2_nvd_ai	N	N	N
cvss3_meta_basescore	6.7	6.7	6.7
cvss3_meta_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.0	6.0	6.0
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_nvd_av	A	A	A
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	N	N	N
cvss3_nvd_ui	N	N	N
cvss3_nvd_s	U	U	U
cvss3_nvd_c	H	H	H
cvss3_nvd_i	L	L	L
cvss3_nvd_a	N	N	N
date	1505952000 (09/21/2017)	1505952000 (09/21/2017)	1505952000 (09/21/2017)
location	Website	Website	Website
type	Advisory	Advisory	Advisory
url	https://www.samba.org/samba/security/CVE-2017-12150.html	https://www.samba.org/samba/security/CVE-2017-12150.html	https://www.samba.org/samba/security/CVE-2017-12150.html
disputed	0	0	0
price_0day	$0-$5k	$0-$5k	$0-$5k
name	Upgrade	Upgrade	Upgrade
upgrade_version	4.4.16/4.5.14/4.6.8	4.4.16/4.5.14/4.6.8	4.4.16/4.5.14/4.6.8
cve	CVE-2017-12163	CVE-2017-12163	CVE-2017-12163
cve_nvd_published	1532556000	1532556000	1532556000
oval_id	oval:org.cisecurity:def:5120	oval:org.cisecurity:def:5120	oval:org.cisecurity:def:5120
securityfocus	100925	100925	100925
securityfocus_title	Samba CVE-2017-12163 Arbitrary File Write Vulnerability	Samba CVE-2017-12163 Arbitrary File Write Vulnerability	Samba CVE-2017-12163 Arbitrary File Write Vulnerability
sectracker	1039401	1039401	1039401
sectracker_date	1505952000 (09/21/2017)	1505952000 (09/21/2017)	1505952000 (09/21/2017)
sectracker_cause	Access control error	Access control error	Access control error
nessus_id	103408	103408	103408
nessus_name	RHEL 6 : samba4 (RHSA-2017:2791)	RHEL 6 : samba4 (RHSA-2017:2791)	RHEL 6 : samba4 (RHSA-2017:2791)
nessus_filename	redhat-RHSA-2017-2791.nasl	redhat-RHSA-2017-2791.nasl	redhat-RHSA-2017-2791.nasl
nessus_risk	Medium	Medium	Medium
nessus_family	Red Hat Local Security Checks	Red Hat Local Security Checks	Red Hat Local Security Checks
discoverydate	1505952000	1505952000	1505952000
company_name	Qihoo 360 GearTeam	Qihoo 360 GearTeam	Qihoo 360 GearTeam
confirm_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163
date	1505952000 (09/21/2017)	1505952000 (09/21/2017)	1505952000 (09/21/2017)
cve_assigned	1501545600	1501545600	1501545600
securityfocus_date	1505865600 (09/20/2017)	1505865600 (09/20/2017)	1505865600 (09/20/2017)
securityfocus_class	Design Error	Design Error	Design Error
cve_nvd_summary	An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.	An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.	An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
cvss2_nvd_basescore	4.8	4.8	4.8
cve_cna		Red Hat, Inc.	Red Hat, Inc.
person_name			Yihan Lian/Zhibin Hu

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!