CVE Vulnerabilities

CVE-2017-12150

Published: Jul 26, 2018 | Modified: Aug 29, 2022
CVSS 3.x
7.4
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce SMB signing when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

Affected Software

Name Vendor Start Version End Version
Samba Samba 3.0.25 *
Samba Samba 4.5.0 *
Samba Samba 4.6.0 *

References