SB2017092120 - Ubuntu update for Samba 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017092120

SB2017092120 - Ubuntu update for Samba

Published: September 21, 2017 Updated: September 26, 2017

Security Bulletin ID SB2017092120
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Adjecent network
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Man-in-the-Middle attack (CVE-ID: CVE-2017-12150)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to several Samba tools do not require signing for SMB connections. The affected tools are:
- 'smb2mount -e', 'smbcacls -e' and 'smbcquotas -e',;
- the python binding exported as 'samba.samba3.libsmb_samba_internal' doesn't make use of the "client signing" smb.conf option;
- libgpo as well as 'net ads gpo' doesn't require SMB signing when fetching group policies
- commandline tools like 'smbclient', 'smbcacls' and 'smbcquotas' allow a fallback to an anonymous connection when using the '--use-ccache' option and this happens even if SMB signing is required.

Successful exploitation of the vulnerability may allow an attacker to perform MitM attack and gain access to potentially sensitive information or elevate privileges on the server.

2) Man-in-the-Middle attack (CVE-ID: CVE-2017-12151)

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to absence of encryption across DFS redirects. A remote attacker can read and alter documents, transferred via a client connection.

3) Memory leak (CVE-ID: CVE-2017-12163)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to memory information leak over SMB1. A client with write access to a share can cause server memory contents to be written into a file or printer. Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client supplied data. The client cannot control the area of the server memory that is written to the file (or printer).

Remediation

Install update from vendor's website.

References