Bug 1512465 (CVE-2017-15275) - CVE-2017-15275 samba: Server heap-memory disclosure
Summary: CVE-2017-15275 samba: Server heap-memory disclosure
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-15275
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1512817 1514313 1514314 1514315 1514316 1515692 1531098
Blocks: 1512469
TreeView+ depends on / blocked
 
Reported: 2017-11-13 10:10 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-03-11 16:15 UTC (History)
17 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server.
Clone Of:
Environment:
Last Closed: 2019-06-08 03:31:05 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:3260 0 normal SHIPPED_LIVE Important: samba security update 2017-11-27 09:39:33 UTC
Red Hat Product Errata RHSA-2017:3261 0 normal SHIPPED_LIVE Important: samba security update 2017-11-27 09:13:12 UTC
Red Hat Product Errata RHSA-2017:3278 0 normal SHIPPED_LIVE Important: samba4 security update 2017-11-29 13:03:46 UTC
Samba Project 13077 0 None None None 2017-11-14 10:46:51 UTC

Description Huzaifa S. Sidhpurwala 2017-11-13 10:10:52 UTC 
As per upstream samba advisory:

All versions of Samba from 3.6.0 onwards are vulnerable to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared.

There is no known vulnerability associated with this error, but uncleared heap memory may contain previously used data that may help an attacker compromise the  server via other methods. Uncleared heap memory may potentially contain password hashes or other high-value data.
Comment 1 Huzaifa S. Sidhpurwala 2017-11-13 10:11:00 UTC 
Acknowledgements:

Name: the Samba project
Upstream: Volker Lendecke (SerNet and the Samba Team)
Comment 4 Huzaifa S. Sidhpurwala 2017-11-21 08:59:44 UTC 
External References:

https://www.samba.org/samba/security/CVE-2017-15275.html
Comment 5 Huzaifa S. Sidhpurwala 2017-11-21 09:01:05 UTC 
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1515692]
Comment 6 errata-xmlrpc 2017-11-27 04:13:48 UTC 
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.3 for RHEL 6
  Red Hat Gluster Storage 3.3 for RHEL 7

Via RHSA-2017:3261 https://access.redhat.com/errata/RHSA-2017:3261
Comment 7 errata-xmlrpc 2017-11-27 04:40:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:3260 https://access.redhat.com/errata/RHSA-2017:3260
Comment 8 errata-xmlrpc 2017-11-29 08:04:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2017:3278 https://access.redhat.com/errata/RHSA-2017:3278
Note You need to log in before you can comment on or make changes to this bug.