CVE-2017-12163
Find out more about CVE-2017-12163 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v3 metrics
| CVSS3 Base Score | 4.1 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
| Attack Vector | Adjacent Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | Low |
| Availability Impact | None |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (samba) | RHSA-2017:2790 | 2017-09-21 |
| Red Hat Enterprise Linux 6 (samba4) | RHSA-2017:2791 | 2017-09-21 |
| Red Hat Enterprise Linux 6 (samba) | RHSA-2017:2789 | 2017-09-21 |
| Red Hat Gluster 3.3 Samba on RHEL-6 (samba) | RHSA-2017:2858 | 2017-10-04 |
| Red Hat Gluster 3.3 Samba on RHEL-7 (samba) | RHSA-2017:2858 | 2017-10-04 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 5 | samba | Will not fix |
Acknowledgements
Red Hat would like to thank Yihan Lian and Zhibin Hu (Qihoo 360 Gear Team), Stefan Metzmacher (SerNet), and Jeremy Allison (Google) for reporting this issue.Mitigation
As this is an SMB1-only vulnerability, it can be avoided by setting the server to only use SMB2 via adding:
server min protocol = SMB2_02
to the [global] section of your smb.conf and restarting smbd.
