CVE-2017-12151
A flaw was found in the way samba client used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
Find out more about CVE-2017-12151 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
The samba4 package in Red Hat Enterprise Linux 6, is a tech preview and by default uses the SMB1 protocol, therefore though affected by this flaw, will not be addressed in a security update.
CVSS v3 metrics
| CVSS3 Base Score | 7.4 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | None |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (samba) | RHSA-2017:2790 | 2017-09-21 |
| Red Hat Gluster 3.3 Samba on RHEL-6 (samba) | RHSA-2017:2858 | 2017-10-04 |
| Red Hat Gluster 3.3 Samba on RHEL-7 (samba) | RHSA-2017:2858 | 2017-10-04 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | samba | Not affected |
| Red Hat Enterprise Linux 6 | samba4 | Will not fix |
| Red Hat Enterprise Linux 5 | samba | Not affected |
| Red Hat Enterprise Linux 5 | samba3x | Not affected |
Acknowledgements
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.Mitigation
Keep the default of "client max protocol = NT1".