CVE-2017-12163
Published: 20 September 2017
An information leak flaw was found in the way the SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the Samba share or to a shared printer, though the attacker cannot control which area of server memory is disclosed.
Priority
Status
Package | Release | Status |
---|---|---|
samba | upstream | Released (4.6.8,4.5.14,4.4.16) |
samba | precise | Released (2:3.6.25-0ubuntu0.12.04.13) |
samba | trusty | Released (2:4.3.11+dfsg-0ubuntu0.14.04.12) |
samba | xenial | Released (2:4.3.11+dfsg-0ubuntu0.16.04.11) |
samba | zesty | Released (2:4.5.8+dfsg-0ubuntu0.17.04.7) |
samba | artful | Released (2:4.6.7+dfsg-1ubuntu3) |

Patches:
upstream: https://git.samba.org/?p=samba.git;a=commit;h=bf85c3d4ed7a4f1a0be4e16faf5d9b562940d33d (4.4)
upstream: https://git.samba.org/?p=samba.git;a=commit;h=a43b36f5514de38b8a072bfbeb172316045c2ad0 (4.5)
upstream: https://git.samba.org/?p=samba.git;a=commit;h=c848b104aa2293f55c14722d99cf788dafc442cb (4.6)
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.1 |
Attack vector | Adjacent |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |