Samba 4.4.x < 4.4.16 / 4.5.x < 4.5.14 / 4.6.x < 4.6.8 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Samba server is affected by multiple vulnerabilities.

Description :

The version of Samba running on the remote host is 4.4.x prior to
4.4.16, 4.5.x prior to 4.5.14, or 4.6.x prior to 4.6.8. It is,
therefore, affected by the following vulnerabilities:

- Signing requirements are not properly enforced for SMB v1, v2,
and v3. This could allow a man-in-the-middle attacker to
interfere with client connections. (CVE-2017-12150)

- A flaw exists with the DFS redirect that causes encryption
requirements to not be maintained. A man-in-the-middle attacker
could read or alter the client connection. (CVE-2017-12151)

- A flaw exists with SMB v1 due to improper range check for client
write requests. An authenticated attacker could potentially access
sensitive server information. (CVE-2017-12163)

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

https://www.samba.org/samba/security/CVE-2017-12150.html
https://www.samba.org/samba/security/CVE-2017-12151.html
https://www.samba.org/samba/security/CVE-2017-12163.html
https://www.samba.org/samba/history/samba-4.4.16.html
https://www.samba.org/samba/history/samba-4.5.14.html
https://www.samba.org/samba/history/samba-4.6.8.html

Solution :

Upgrade to Samba version 4.4.16 / 4.5.14 / 4.6.8 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 3.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 103535 ()

Bugtraq ID: 100917
100918
100925

CVE ID: CVE-2017-12150
CVE-2017-12151
CVE-2017-12163

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now