Scientific Linux Security Update : samba4 on SL6.x i386/x86_64
Medium Nessus Plugin ID 103410
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSecurity Fix(es) :
- It was found that samba did not enforce 'SMB signing' when certain configuration options were enabled. A remote attacker could launch a man- in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150)
- An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163)
SolutionUpdate the affected packages.