SB2017102420 - Man-in-the-Middle attack in samba (Alpine package)

Description

This security bulletin contains information about 1 security vulnerability.

1) Man-in-the-Middle attack (CVE-ID: CVE-2017-12150)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to several Samba tools do not require signing for SMB connections. The affected tools are:
- 'smb2mount -e', 'smbcacls -e' and 'smbcquotas -e',;
- the python binding exported as 'samba.samba3.libsmb_samba_internal' doesn't make use of the "client signing" smb.conf option;
- libgpo as well as 'net ads gpo' doesn't require SMB signing when fetching group policies
- commandline tools like 'smbclient', 'smbcacls' and 'smbcquotas' allow a fallback to an anonymous connection when using the '--use-ccache' option and this happens even if SMB signing is required.

Successful exploitation of the vulnerability may allow an attacker to perform MitM attack and gain access to potentially sensitive information or elevate privileges on the server.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=4013d75e416cb0c1c59bbb3f7ac07d1db141473a
• https://git.alpinelinux.org/aports/commit/?id=1c38a7f3b9cd01ff44f483b6f375aee36076925c
• https://git.alpinelinux.org/aports/commit/?id=d07f3a244e0806b4e3fe99e12c4d9ddc9a07f8b0