Samba up to 4.4.15/4.5.12/4.6.7 DFS cryptographic issues


A vulnerability classified as critical has been found in Samba up to 4.4.15/4.5.12/4.6.7 (File Transfer Software). The issue affects an unknown part of the DFS component. Upgrading to version 4.4.16, 4.5.14 or 4.6.8 eliminates this vulnerability. A possible mitigation was published 3 weeks after the disclosure of the vulnerability.

Timeline

Analyzing the timeline helps to identify the required approach and handling for single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

[Timeline charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10819966 | 01/14/2021 | VulD... | cve_cna | Red Hat, Inc. | nvd.nist.gov | 01/14/2021 | accepted | 70 |
| 10819965 | 01/14/2021 | VulD... | cvss2_nvd_basescore | 5.8 | nist.gov | 01/14/2021 | accepted | 90 |
| 10819964 | 01/14/2021 | VulD... | price_0day | $0-$5k | see documentation | 01/14/2021 | accepted | 90 |
| 10819963 | 01/14/2021 | VulD... | cve_nvd_summary | A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. | cve.mitre.org | 01/14/2021 | accepted | 70 |
| 7135648 | 11/19/2019 | VulD... | securityfocus_class | Design Error | securityfocus.com | 11/19/2019 | accepted | 100 |
| 7135647 | 11/19/2019 | VulD... | securityfocus_date | 1505865600 (09/20/2017) | securityfocus.com | 11/19/2019 | accepted | 100 |
| 7135643 | 11/19/2019 | VulD... | cve_assigned | 1501545600 | mitre.org | 11/19/2019 | accepted | 100 |
| 7135640 | 11/19/2019 | VulD... | date | 1507680000 (10/11/2017) | | 11/19/2019 | accepted | 100 |
| 7135636 | 11/19/2019 | VulD... | confirm_url | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151 | bugzilla.redhat.com | 11/19/2019 | accepted | 100 |
| 7135635 | 11/19/2019 | VulD... | person_name | Stefan Metzmacher | | 11/19/2019 | accepted | 100 |
| 7135593 | 11/19/2019 | VulD... | discoverydate | 1505952000 | | 11/19/2019 | accepted | 100 |
| 7135675 | 09/25/2017 | VulD... | cvss3_nvd_basescore | 7.4 | nist.gov | 09/25/2017 | accepted | 90 |
| 7135674 | 09/25/2017 | VulD... | exposure_days | 20 | | 09/25/2017 | accepted | 90 |
| 7135673 | 09/25/2017 | VulD... | reaction_days | 20 | | 09/25/2017 | accepted | 90 |
| 7135672 | 09/25/2017 | VulD... | cvss3_vuldb_rc | C | | 09/25/2017 | accepted | 90 |
| 7135671 | 09/25/2017 | VulD... | cvss3_vuldb_rl | O | | 09/25/2017 | accepted | 90 |
| 7135670 | 09/25/2017 | VulD... | cvss3_vuldb_e | X | | 09/25/2017 | accepted | 90 |
| 7135669 | 09/25/2017 | VulD... | cvss2_vuldb_rc | C | | 09/25/2017 | accepted | 90 |
| 7135668 | 09/25/2017 | VulD... | cvss2_vuldb_rl | OF | | 09/25/2017 | accepted | 90 |
| 7135667 | 09/25/2017 | VulD... | cvss2_vuldb_e | ND | | 09/25/2017 | accepted | 90 |
