Red Hat Enterprise Linux 5:
This vulnerability has been rated as having a security impact of Moderate. After evaluation and in accordance with the criteria noted in the product support life cycle, there are no plans to address this issue in an upcoming release. Please contact Red Hat Support for further information.
CVSS v3 metrics
| CVSS3 Base Score | 4.1 |
| CVSS3 Base Metrics | CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
| Attack Vector | Adjacent Network |
Red Hat Security Errata
| Red Hat Enterprise Linux 7 (samba) | RHSA-2017:2790 | 2017-09-21 |
| Red Hat Enterprise Linux 6 (samba4) | RHSA-2017:2791 | 2017-09-21 |
| Red Hat Enterprise Linux 6 (samba) | RHSA-2017:2789 | 2017-09-21 |
| Red Hat Gluster 3.3 Samba on RHEL-6 (samba) | RHSA-2017:2858 | 2017-10-04 |
| Red Hat Gluster 3.3 Samba on RHEL-7 (samba) | RHSA-2017:2858 | 2017-10-04 |
Affected Packages State
| Red Hat Enterprise Linux 5 | samba | Will not fix |
Acknowledgements
Red Hat would like to thank Yihan Lian and Zhibin Hu (Qihoo 360 Gear Team), Stefan Metzmacher (SerNet), and Jeremy Allison (Google) for reporting this issue.
As this is an SMB1-only vulnerability, it can be avoided by setting the server to use only SMB2. Add the following line:
    server min protocol = SMB2_02
to the [global] section of your smb.conf and restart smbd.
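One way to audit an smb.conf for the mitigation above (an added example, not Red Hat's or Samba's own code). The function names and sample configs are constructed for illustration; `include` files are not followed, and an unset parameter is reported as not mitigated because the default minimum dialect differs between Samba releases.

```python
import re

# Minimum-dialect values that exclude SMB1 (NT1 and older dialects).
SMB2_PLUS = {"SMB2", "SMB2_02", "SMB2_10", "SMB2_22", "SMB2_24",
             "SMB3", "SMB3_00", "SMB3_02", "SMB3_10", "SMB3_11"}
# smb.conf ignores case and spaces in parameter names; "min protocol"
# is a documented synonym of "server min protocol".
PARAM_NAMES = {"serverminprotocol", "minprotocol"}


def global_min_protocol(conf_text):
    """Return the last 'server min protocol' set in [global], or None."""
    section, value, pending = None, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):             # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":     # blank line or comment
            continue
        m = re.fullmatch(r"\[(.*)\]", line)
        if m:                               # section header
            section = m.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue                        # share-level settings do not count
        name, val = line.split("=", 1)
        if re.sub(r"\s+", "", name).lower() in PARAM_NAMES:
            value = val.strip().upper()     # a later assignment overrides an earlier one
    return value


def smb1_disabled(conf_text):
    """True only if [global] explicitly sets a minimum dialect of SMB2 or later."""
    return global_min_protocol(conf_text) in SMB2_PLUS


# Constructed sample configs (not taken from the advisory).
MITIGATED = "[global]\n  workgroup = EXAMPLE\n  Server Min Protocol = smb2_02\n[share]\n  path = /srv/share\n"
UNMITIGATED = "[global]\n  workgroup = EXAMPLE\n; server min protocol = SMB2_02\n[share]\n  min protocol = SMB2_02\n"

if __name__ == "__main__":
    for label, text in (("mitigated", MITIGATED), ("unmitigated", UNMITIGATED)):
        print(label, global_min_protocol(text), smb1_disabled(text))
```

The second sample shows two common mistakes: the setting left commented out, and the setting placed in a share section instead of [global].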