Bug 1488197 (CVE-2017-12151)
| Summary: | CVE-2017-12151 samba: SMB2 connections don't keep encryption across DFS redirects | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | abokovoy, anoopcs, asn, gdeschner, jlayton, jrivera, lmohanty, madam, rhs-smb, sbose, security-response-team, sisharma, ssaha, ssorce, vbellur |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | samba 4.4.16, samba 4.5.14, samba 4.6.8 | Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in the way the Samba client used encryption with the max protocol set to SMB3. The connection could lose the requirement for signing and encryption on any DFS redirect, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-06-08 03:23:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1491213, 1491214, 1491769, 1493441 | | |
| Bug Blocks: | 1488198 | | |
Description

Adam Mariš, 2017-09-04 15:56:47 UTC

Acknowledgments: Name: the Samba project. Upstream: Stefan Metzmacher (SerNet).

Mitigation: Keep the default of "client max protocol = NT1".

Statement: The samba4 package in Red Hat Enterprise Linux 6 is a tech preview and by default uses the SMB1 protocol; therefore, though affected by this flaw, it will not be addressed in a security update.

External References: https://www.samba.org/samba/security/CVE-2017-12151.html

Created samba tracking bugs for this issue: Affects: fedora-all [bug 1493441]

This issue has been addressed in the following products: Red Hat Enterprise Linux 7. Via RHSA-2017:2790 https://access.redhat.com/errata/RHSA-2017:2790

This issue has been addressed in the following products: Red Hat Gluster Storage 3.3 for RHEL 6, Red Hat Gluster Storage 3.3 for RHEL 7. Via RHSA-2017:2858 https://access.redhat.com/errata/RHSA-2017:2858