CVE-2017-12150

Published: 20 September 2017

It was found that Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plaintext.

Priority

Medium

CVSS 3 Severity Score

7.4

Status

Package Release Status
samba artful Released (2:4.6.7+dfsg-1ubuntu3)
samba trusty Released (2:4.3.11+dfsg-0ubuntu0.14.04.12)
samba upstream Released (4.6.8,4.5.14,4.4.16)
samba xenial Released (2:4.3.11+dfsg-0ubuntu0.16.04.11)
samba zesty Released (2:4.5.8+dfsg-0ubuntu0.17.04.7)

Patches:
upstream: https://git.samba.org/?p=samba.git;a=commit;h=428ede3dd3bbf3bba86ca1b321bedfcc9aebba79
upstream: https://git.samba.org/?p=samba.git;a=commit;h=26b87d01b015c83a4670db62839f5c84b6e66478
upstream: https://git.samba.org/?p=samba.git;a=commit;h=95f6e5b574856453c3ef36ebe9ae86d8456e6404
upstream: https://git.samba.org/?p=samba.git;a=commit;h=b06322309752f3b666ad38f42ef2e96f1c41a24a
upstream: https://git.samba.org/?p=samba.git;a=commit;h=4a91f4ab82e3f729a12947ff65a74b072dd94acc
upstream: https://git.samba.org/?p=samba.git;a=commit;h=81f1804d45c1b698ee87ee4d4c84197df98ea4f2
upstream: https://git.samba.org/?p=samba.git;a=commit;h=f14a94b5cd3e9977e8483e8a6ba06f48045edc15
upstream: https://git.samba.org/?p=samba.git;a=commit;h=f82c235484d03e22ad78a79e9cf2f14c8455df56
upstream: https://git.samba.org/?p=samba.git;a=commit;h=5d296e6ea32ca2df035dd35e6f21b82390f87f86
upstream: https://git.samba.org/?p=samba.git;a=commit;h=dc24ef0fc4292a365900270d6b9b66c9cfc0609e
upstream: https://git.samba.org/?p=samba.git;a=commit;h=f30ea84489e9ee6ab65279bc3ea62ce4f954f965
upstream: https://git.samba.org/?p=samba.git;a=commit;h=609e6b09feb4b00ee52db4a9df258cb9061f4ad8
upstream: https://git.samba.org/?p=samba.git;a=commit;h=9fb528332f48de59d70d48686e3af4df70206635
upstream: https://git.samba.org/?p=samba.git;a=commit;h=97a7ddff5d327bf5bcc27c8a88b000b3a187a827
upstream: https://git.samba.org/?p=samba.git;a=commit;h=b760a464ee3d94edeff6eb10a0b08359d6e98099
upstream: https://git.samba.org/?p=samba.git;a=commit;h=f42ffde214c3be1d6ba3afd8fe88a3e04470c4bd
upstream: https://git.samba.org/?p=samba.git;a=commit;h=d8c6aceb94ab72991eb538ab5dc388686a177052
upstream: https://git.samba.org/?p=samba.git;a=commit;h=28f4a8dbd2b82bb8fb9f6224e1641d935766e62a
upstream: https://git.samba.org/?p=samba.git;a=commit;h=28506663282a1457708c38c58437e9eb9c0002bf

Severity score breakdown

Parameter Value
Base score 7.4
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact None
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N