CVE-2017-12151

Impact:
Moderate
Public Date:
2017-09-20
CWE:
CWE-300
Bugzilla:
1488197: CVE-2017-12151 samba: SMB2 connections don't keep encryption across DFS redirects
A flaw was found in the way the Samba client handled encryption when the client max protocol was set to SMB3. When a server answered with a DFS redirect, the redirected connection could drop the requirement for signing and encryption that the original connection had negotiated, allowing a man-in-the-middle attacker on the network path to read or alter the contents of the connection.

Find out more about CVE-2017-12151 from the MITRE CVE dictionary and NIST NVD.

Statement

The samba4 package in Red Hat Enterprise Linux 6 is a Technology Preview and uses the SMB1 protocol by default; therefore, although it is affected by this flaw, it will not be addressed in a security update.

CVSS v3 metrics

CVSS3 Base Score 7.4
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact None

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (samba) RHSA-2017:2790 2017-09-21
Red Hat Gluster 3.3 Samba on RHEL-6 (samba) RHSA-2017:2858 2017-10-04
Red Hat Gluster 3.3 Samba on RHEL-7 (samba) RHSA-2017:2858 2017-10-04

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 samba Not affected
Red Hat Enterprise Linux 6 samba4 Will not fix
Red Hat Enterprise Linux 5 samba Not affected
Red Hat Enterprise Linux 5 samba3x Not affected

Acknowledgements

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.

Mitigation

Keep the default of "client max protocol = NT1" in smb.conf, which restricts the client to SMB1. This avoids the flaw only because SMB1 negotiates no transport encryption in the first place, so the connection is not protected against an on-path attacker either way. On platforms that received an erratum, install the fixed package rather than relying on this setting.
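To check a client host against the mitigation above, the following added example (written for this page, not code from the Samba project or Red Hat) parses the [global] section of an smb.conf and reports whether `client max protocol` is left at the NT1 default or raised to an SMB2/SMB3 dialect, which is the condition under which an unfixed client can lose signing and encryption across a DFS redirect. The sample configs are constructed, and the NT1 default is an assumption that matches the samba4 package this page discusses rather than every Samba release.

```python
"""Audit an smb.conf for the CVE-2017-12151 mitigation (added example, not Samba code)."""
import re

# Dialect names Samba accepts for "client max protocol" (case-insensitive).
# Anything not in these two sets (NT1, LANMAN1, LANMAN2, CORE, COREPLUS) is SMB1,
# which never had transport encryption or SMB2-style signing to lose.
SMB2_DIALECTS = {"SMB2", "SMB2_02", "SMB2_10", "SMB2_22", "SMB2_24"}
SMB3_DIALECTS = {"SMB3", "SMB3_00", "SMB3_02", "SMB3_10", "SMB3_11"}
SMB1_DIALECTS = {"NT1", "LANMAN1", "LANMAN2", "CORE", "COREPLUS"}

# Assumption: the default for the samba4 package on RHEL 6 described on this page.
DEFAULT_CLIENT_MAX_PROTOCOL = "NT1"


def parse_smb_conf(text):
    """Return {section: {normalised key: value}} for an smb.conf string.

    Skips blank lines and full-line comments (# or ;), accepts arbitrary
    whitespace around "key = value", and normalises keys to lower case with
    single spaces so "Client Max Protocol" and "client   max protocol" match.
    "include" and "config file" directives are not followed.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # stray line outside any section, or not a key/value pair
        key, _, value = line.partition("=")
        sections[current][" ".join(key.split()).lower()] = value.strip()
    return sections


def effective_client_max_protocol(text):
    """The configured "client max protocol" in [global], or the assumed default."""
    conf = parse_smb_conf(text)
    value = conf.get("global", {}).get("client max protocol", DEFAULT_CLIENT_MAX_PROTOCOL)
    return value.upper()


def audit(text):
    """Classify a config for this CVE; returns (dialect, verdict).

    "mitigated"    SMB1 dialect: the bug cannot trigger, but nothing is encrypted.
    "smb2-signing" SMB2 dialect: signing can be lost across a DFS redirect on an
                   unfixed client (no encryption exists at SMB2).
    "smb3-encrypt" SMB3 dialect: signing and encryption can both be lost across a
                   DFS redirect on an unfixed client.
    "unknown"      unrecognised value; review by hand.
    """
    value = effective_client_max_protocol(text)
    if value in SMB3_DIALECTS:
        return value, "smb3-encrypt"
    if value in SMB2_DIALECTS:
        return value, "smb2-signing"
    if value in SMB1_DIALECTS:
        return value, "mitigated"
    return value, "unknown"


# Constructed sample configs (not taken from any real host).
DEFAULT_CONF = """\
[global]
    workgroup = EXAMPLE
    security = user
    # client max protocol deliberately left unset: NT1 default on this package
"""

SMB3_CONF = """\
[global]
    workgroup = EXAMPLE
    ; raised so the client negotiates SMB3 encryption
    Client Max Protocol = smb3

[homes]
    browseable = no
"""

if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("smb3", SMB3_CONF)):
        dialect, verdict = audit(conf)
        print(f"{name}: client max protocol = {dialect} -> {verdict}")
```

Run `testparm -s` first and feed its output to the parser if the host uses `include` or `config file` directives, since the parser reads a single file literally. A dialect passed on the command line with `smbclient --option="client max protocol=SMB3"` overrides smb.conf and is not visible to this check.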
