VDB-107075 · CVE-2017-12151 · BID 100917

Samba up to 4.4.15/4.5.12/4.6.7 DFS cryptographic issues

A vulnerability, which was classified as critical, has been found in Samba up to 4.4.15/4.5.12/4.6.7 (File Transfer Software). This issue affects an unknown part of the component DFS. Upgrading to version 4.4.16, 4.5.14 or 4.6.8 eliminates this vulnerability. A possible mitigation has been published 3 weeks after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

ID	Commited	User	Field	Change	Remarks	Moderated	Reason	C
10819966	01/14/2021	VulD...	cve_cna	Red Hat, Inc.	nvd.nist.gov	01/14/2021	accepted	70
10819965	01/14/2021	VulD...	cvss2_nvd_basescore	5.8	nist.gov	01/14/2021	accepted	90
10819964	01/14/2021	VulD...	price_0day	$0-$5k	see documentation	01/14/2021	accepted	90
10819963	01/14/2021	VulD...	cve_nvd_summary	A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.	cve.mitre.org	01/14/2021	accepted	70
7135648	11/19/2019	VulD...	securityfocus_class	Design Error	securityfocus.com	11/19/2019	accepted	100
7135647	11/19/2019	VulD...	securityfocus_date	1505865600 (09/20/2017)	securityfocus.com	11/19/2019	accepted	100
7135643	11/19/2019	VulD...	cve_assigned	1501545600	mitre.org	11/19/2019	accepted	100
7135640	11/19/2019	VulD...	date	1507680000 (10/11/2017)		11/19/2019	accepted	100
7135636	11/19/2019	VulD...	confirm_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151	bugzilla.redhat.com	11/19/2019	accepted	100
7135635	11/19/2019	VulD...	person_name	Stefan Metzmacher		11/19/2019	accepted	100
7135593	11/19/2019	VulD...	discoverydate	1505952000		11/19/2019	accepted	100
7135675	09/25/2017	VulD...	cvss3_nvd_basescore	7.4	nist.gov	09/25/2017	accepted	90
7135674	09/25/2017	VulD...	exposure_days	20		09/25/2017	accepted	90
7135673	09/25/2017	VulD...	reaction_days	20		09/25/2017	accepted	90
7135672	09/25/2017	VulD...	cvss3_vuldb_rc	C		09/25/2017	accepted	90
7135671	09/25/2017	VulD...	cvss3_vuldb_rl	O		09/25/2017	accepted	90
7135670	09/25/2017	VulD...	cvss3_vuldb_e	X		09/25/2017	accepted	90
7135669	09/25/2017	VulD...	cvss2_vuldb_rc	C		09/25/2017	accepted	90
7135668	09/25/2017	VulD...	cvss2_vuldb_rl	OF		09/25/2017	accepted	90
7135667	09/25/2017	VulD...	cvss2_vuldb_e	ND		09/25/2017	accepted	90