Scientific Linux Security Update : samba on SL7.x x86_64

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- It was found that samba did not enforce 'SMB signing'
when certain configuration options were enabled. A
remote attacker could launch a man-in-the-middle attack
and retrieve information in plain-text. (CVE-2017-12150)

- A flaw was found in the way samba client used encryption
with the max protocol set as SMB3. The connection could
lose the requirement for signing and encrypting to any
DFS redirects, allowing an attacker to read or alter the
contents of the connection via a man-in-the-middle
attack. (CVE-2017-12151)

- An information leak flaw was found in the way SMB1
protocol was implemented by Samba. A malicious client
could use this flaw to dump server memory contents to a
file on the samba share or to a shared printer, though
the exact area of server memory cannot be controlled by
the attacker. (CVE-2017-12163)

See also :

http://www.nessus.org/u?632e05ba

Solution :

Update the affected packages.

Risk factor :

High

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 103411

Bugtraq ID:

CVE ID: CVE-2017-12150
CVE-2017-12151
CVE-2017-12163
