CVE-2017-15086 – samba: SMB2 connections don't keep encryption across DFS redirects (incomplete fix of CVE-2017-12151)
https://notcve.org/view.php?id=CVE-2017-15086
It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. Se descubrió que la solución para CVE-2017-12151 no se subió correctamente en la errata RHSA-2017:2858 para Red Hat Gluster Storage 3.3 para RHEL 6. • http://www.securityfocus.com/bid/101555 https://access.redhat.com/errata/RHSA-2017:3110 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086 https://access.redhat.com/security/cve/CVE-2017-15086 https://bugzilla.redhat.com/show_bug.cgi?id=1505785 • CWE-300: Channel Accessible by Non-Endpoint •
CVE-2017-15087 – samba: Server memory information leak over SMB1 (incomplete fix for CVE-2017-12163)
https://notcve.org/view.php?id=CVE-2017-15087
It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. Se descubrió que la solución para CVE-2017-12163 no se subió correctamente en la errata RHSA-2017:2858 para Red Hat Gluster Storage 3.3 para RHEL 6. • http://www.securityfocus.com/bid/101556 https://access.redhat.com/errata/RHSA-2017:3110 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15087 https://access.redhat.com/security/cve/CVE-2017-15087 https://bugzilla.redhat.com/show_bug.cgi?id=1505788 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-12150 – samba: Some code path don't enforce smb signing, when they should
https://notcve.org/view.php?id=CVE-2017-12150
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. Se ha descubierto que Samba en versiones anteriores a la 4.4.16, versiones 4.5.x anteriores a la 4.5.14 y versiones 4.6.x anteriores a la 4.6.8 no cumple "SMB signing" cuando están habilitadas determinadas opciones de configuración. Un atacante remoto podría lanzar un ataque Man-in-the-Middle (MitM) y recuperar información en texto plano. It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. • http://www.securityfocus.com/bid/100918 http://www.securitytracker.com/id/1039401 https://access.redhat.com/errata/RHSA-2017:2789 https://access.redhat.com/errata/RHSA-2017:2790 https://access.redhat.com/errata/RHSA-2017:2791 https://access.redhat.com/errata/RHSA-2017:2858 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us https://security.netapp.com/advisory/ntap-20170 • CWE-300: Channel Accessible by Non-Endpoint •
CVE-2017-12163 – Samba: Server memory information leak over SMB1
https://notcve.org/view.php?id=CVE-2017-12163
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. Se ha descubierto una vulnerabilidad de fuga de información en la manera en la que Samba, en versiones anteriores a la 4.4.16, versiones 4.5.x anteriores a la 4.5.14 y versiones 4.6.x anteriores a la 4.6.8, implementó el protocolo SMB1. Un cliente malicioso podría utilizar esta vulnerabilidad para volcar los contenidos de la memoria del servidor en un archivo en el almacenamiento de samba o en una impresora compartida, aunque el atacante no pueda controlar el área exacta de memoria del servidor. An information leak flaw was found in the way SMB1 protocol was implemented by Samba. • http://www.securityfocus.com/bid/100925 http://www.securitytracker.com/id/1039401 https://access.redhat.com/errata/RHSA-2017:2789 https://access.redhat.com/errata/RHSA-2017:2790 https://access.redhat.com/errata/RHSA-2017:2791 https://access.redhat.com/errata/RHSA-2017:2858 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us https://security.netapp.com/advisory/ntap-20170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-7481 – ansible: Security issue with lookup return not tainting the jinja2 environment
https://notcve.org/view.php?id=CVE-2017-7481
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. Ansible en versiones anteriores a la 2.3.1.0 y 2.4.0.0 no marca correctamente los resultados del plugin lookup como no seguros. Si un atacante pudiese controlar los resultados de las llamadas lookup(), podrían inyectar cadenas Unicode para que sean analizadas por el sistema de plantillas jinja2, resultando en una ejecución de código. • http://www.securityfocus.com/bid/98492 https://access.redhat.com/errata/RHSA-2017:1244 https://access.redhat.com/errata/RHSA-2017:1334 https://access.redhat.com/errata/RHSA-2017:1476 https://access.redhat.com/errata/RHSA-2017:1499 https://access.redhat.com/errata/RHSA-2017:1599 https://access.redhat.com/errata/RHSA-2017:2524 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481 https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2 https://lists.deb • CWE-20: Improper Input Validation •