This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Security Fix(es) :
- A race condition was found in samba server. A malicious
samba client could use this flaw to access files and
directories in areas of the server file system not
exported under the share definitions. (CVE-2017-2619)
- It was found that samba did not enforce 'SMB signing'
when certain configuration options were enabled. A
remote attacker could launch a man- in-the-middle attack
and retrieve information in plain-text. (CVE-2017-12150)
- An information leak flaw was found in the way SMB1
protocol was implemented by Samba. A malicious client
could use this flaw to dump server memory contents to a
file on the samba share or to a shared printer, though
the exact area of server memory cannot be controlled by
the attacker. (CVE-2017-12163)
See also :
Update the affected packages.
Risk factor :