CVE-2017-12150

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
samba	17.10 artful	Fixed 2:4.6.7+dfsg-1ubuntu3
	17.04 zesty	Fixed 2:4.5.8+dfsg-0ubuntu0.17.04.7
	16.04 LTS xenial	Fixed 2:4.3.11+dfsg-0ubuntu0.16.04.11
	14.04 LTS trusty	Fixed 2:4.3.11+dfsg-0ubuntu0.14.04.12

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
samba	Upstream: https://git.samba.org/?p=samba.git;a=commit;h=428ede3dd3bbf3bba86ca1b321bedfcc9aebba79 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=26b87d01b015c83a4670db62839f5c84b6e66478 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=95f6e5b574856453c3ef36ebe9ae86d8456e6404 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=b06322309752f3b666ad38f42ef2e96f1c41a24a Upstream: https://git.samba.org/?p=samba.git;a=commit;h=4a91f4ab82e3f729a12947ff65a74b072dd94acc Upstream: https://git.samba.org/?p=samba.git;a=commit;h=81f1804d45c1b698ee87ee4d4c84197df98ea4f2 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=f14a94b5cd3e9977e8483e8a6ba06f48045edc15 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=f82c235484d03e22ad78a79e9cf2f14c8455df56 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=5d296e6ea32ca2df035dd35e6f21b82390f87f86 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=dc24ef0fc4292a365900270d6b9b66c9cfc0609e Upstream: https://git.samba.org/?p=samba.git;a=commit;h=f30ea84489e9ee6ab65279bc3ea62ce4f954f965 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=609e6b09feb4b00ee52db4a9df258cb9061f4ad8 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=9fb528332f48de59d70d48686e3af4df70206635 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=97a7ddff5d327bf5bcc27c8a88b000b3a187a827 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=b760a464ee3d94edeff6eb10a0b08359d6e98099 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=f42ffde214c3be1d6ba3afd8fe88a3e04470c4bd Upstream: https://git.samba.org/?p=samba.git;a=commit;h=d8c6aceb94ab72991eb538ab5dc388686a177052 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=28f4a8dbd2b82bb8fb9f6224e1641d935766e62a Upstream: https://git.samba.org/?p=samba.git;a=commit;h=28506663282a1457708c38c58437e9eb9c0002bf

Package

Patch details

samba

Severity score breakdown

Parameter	Value
Base score	7.4 · High
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2017-12150

Cvss 3 Severity Score

Status

Patch details

Severity score breakdown

References

Related Ubuntu Security Notices (USN)

Other references