All the vulnerabilites related to hp - cifs_server
cve-2017-12151
Vulnerability from cvelistv5
Published
2018-07-27 12:00
Modified
2024-08-05 18:28
Severity ?
EPSS score ?
Summary
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
References
▼ | URL | Tags |
---|---|---|
https://security.netapp.com/advisory/ntap-20170921-0001/ | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:2790 | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/100917 | vdb-entry, x_refsource_BID | |
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us | x_refsource_CONFIRM | |
https://www.debian.org/security/2017/dsa-3983 | vendor-advisory, x_refsource_DEBIAN | |
https://access.redhat.com/errata/RHSA-2017:2858 | vendor-advisory, x_refsource_REDHAT | |
http://www.securitytracker.com/id/1039401 | vdb-entry, x_refsource_SECTRACK | |
https://www.samba.org/samba/security/CVE-2017-12151.html | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:28:16.367Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170921-0001/" }, { "name": "RHSA-2017:2790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151" }, { "name": "100917", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100917" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us" }, { "name": "DSA-3983", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-3983" }, { "name": "RHSA-2017:2858", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2858" }, { "name": "1039401", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039401" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.samba.org/samba/security/CVE-2017-12151.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "samba", "vendor": "Samba", "versions": [ { "status": "affected", "version": "4.4.16" }, { "status": "affected", "version": "4.5.14" }, { "status": "affected", "version": "4.6.8" } ] } ], "datePublic": "2017-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-300", "description": "CWE-300", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-31T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170921-0001/" }, { "name": "RHSA-2017:2790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151" }, { "name": "100917", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100917" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us" }, { "name": "DSA-3983", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-3983" }, { "name": "RHSA-2017:2858", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2858" }, { "name": "1039401", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039401" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.samba.org/samba/security/CVE-2017-12151.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-12151", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "samba", "version": { "version_data": [ { "version_value": "4.4.16" }, { "version_value": "4.5.14" }, { "version_value": "4.6.8" } ] } } ] }, "vendor_name": "Samba" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack." } ] }, "impact": { "cvss": [ [ { "vectorString": "7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-300" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.netapp.com/advisory/ntap-20170921-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170921-0001/" }, { "name": "RHSA-2017:2790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2790" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151" }, { "name": "100917", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100917" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us" }, { "name": "DSA-3983", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3983" }, { "name": "RHSA-2017:2858", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2858" }, { "name": "1039401", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039401" }, { "name": "https://www.samba.org/samba/security/CVE-2017-12151.html", "refsource": "CONFIRM", "url": "https://www.samba.org/samba/security/CVE-2017-12151.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-12151", "datePublished": "2018-07-27T12:00:00", "dateReserved": "2017-08-01T00:00:00", "dateUpdated": "2024-08-05T18:28:16.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2018-07-27 12:29
Modified
2024-11-21 03:08
Severity ?
7.4 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
samba | samba | * | |
samba | samba | * | |
samba | samba | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server_aus | 7.4 | |
redhat | enterprise_linux_server_eus | 7.4 | |
redhat | enterprise_linux_server_eus | 7.5 | |
redhat | enterprise_linux_workstation | 7.0 | |
hp | cifs_server | b.04.05.11.00 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FF52F5F-8DF4-48FC-A4F1-F41C17DEEC0D", "versionEndExcluding": "4.4.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CE62DA6-5CD9-4805-BBE3-65F342B13AC8", "versionEndExcluding": "4.5.14", "versionStartIncluding": "4.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EF4B09A-5F81-4A13-B7FA-F4A97C773405", "versionEndExcluding": "4.6.8", "versionStartIncluding": "4.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:hp:cifs_server:b.04.05.11.00:*:*:*:*:*:*:*", "matchCriteriaId": "68013CEA-3847-44BE-8019-93F7B06B50FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack." }, { "lang": "es", "value": "Se ha encontrado un fallo en la forma en la que el cliente samba en versiones anteriores a samba 4.4.16, samba 4.5.14 y samba 4.6.8 utilizaba cifrado con el protocolo max establecido en SMB3. La conexi\u00f3n pod\u00eda perder el requisito de firmar y cifrar con cualquier redirecci\u00f3n DFS, lo que permit\u00eda a un atacante leer o alterar el contenido de la conexi\u00f3n mediante un ataque Man-in-the-Middle (MitM)." } ], "id": "CVE-2017-12151", "lastModified": "2024-11-21T03:08:56.363", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-27T12:29:00.223", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100917" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039401" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2790" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2858" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170921-0001/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3983" }, { "source": "secalert@redhat.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.samba.org/samba/security/CVE-2017-12151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100917" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039401" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170921-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.samba.org/samba/security/CVE-2017-12151.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-300" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }