CVE-2017-12163

Publication date 20 September 2017

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
samba	17.10 artful	Fixed 2:4.6.7+dfsg-1ubuntu3
	17.04 zesty	Fixed 2:4.5.8+dfsg-0ubuntu0.17.04.7
	16.04 LTS xenial	Fixed 2:4.3.11+dfsg-0ubuntu0.16.04.11
	14.04 LTS trusty	Fixed 2:4.3.11+dfsg-0ubuntu0.14.04.12

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
samba	Upstream: https://git.samba.org/?p=samba.git;a=commit;h=bf85c3d4ed7a4f1a0be4e16faf5d9b562940d33d Upstream: https://git.samba.org/?p=samba.git;a=commit;h=a43b36f5514de38b8a072bfbeb172316045c2ad0 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=c848b104aa2293f55c14722d99cf788dafc442cb

Severity score breakdown

Parameter	Value
Base score	7.1 · High
Attack vector	Adjacent
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	Low
Availability impact	None
Vector	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CVE-2017-12163

Cvss 3 Severity Score

Status

Patch details

Severity score breakdown

References

Related Ubuntu Security Notices (USN)

Other references