Bug 1512465 (CVE-2017-15275)

Summary: CVE-2017-15275 samba: Server heap-memory disclosure
Product: [Other] Security Response
Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: abokovoy, anoopcs, asn, gdeschner, jarrpa, lmohanty, madam, rhs-smb, sbose, security-response-team, sisharma, ssaha, ssorce, vbellur, vdas, yersinia.spiros, yozone
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server.
Last Closed: 2019-06-08 03:31:05 UTC
Bug Depends On: 1512817, 1514313, 1514314, 1514315, 1514316, 1515692, 1531098    
Bug Blocks: 1512469    

Description Huzaifa S. Sidhpurwala 2017-11-13 10:10:52 UTC
As per upstream samba advisory:

All versions of Samba from 3.6.0 onwards are vulnerable to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared.

There is no known vulnerability associated with this error, but uncleared heap memory may contain previously used data that may help an attacker compromise the server via other methods. Uncleared heap memory may potentially contain password hashes or other high-value data.

Comment 1 Huzaifa S. Sidhpurwala 2017-11-13 10:11:00 UTC
Acknowledgements:

Name: the Samba project
Upstream: Volker Lendecke (SerNet and the Samba Team)

Comment 4 Huzaifa S. Sidhpurwala 2017-11-21 08:59:44 UTC
External References:

https://www.samba.org/samba/security/CVE-2017-15275.html

Comment 5 Huzaifa S. Sidhpurwala 2017-11-21 09:01:05 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1515692]

Comment 6 errata-xmlrpc 2017-11-27 04:13:48 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.3 for RHEL 6
  Red Hat Gluster Storage 3.3 for RHEL 7

Via RHSA-2017:3261 https://access.redhat.com/errata/RHSA-2017:3261

Comment 7 errata-xmlrpc 2017-11-27 04:40:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:3260 https://access.redhat.com/errata/RHSA-2017:3260

Comment 8 errata-xmlrpc 2017-11-29 08:04:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2017:3278 https://access.redhat.com/errata/RHSA-2017:3278