CVE-2017-12151

samba: SMB2 connections don't keep encryption across DFS redirects

Severity Score

7.4

*CVSS v3

Exploit Likelihood

2.1%

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

Se ha encontrado un fallo en la forma en la que el cliente samba en versiones anteriores a samba 4.4.16, samba 4.5.14 y samba 4.6.8 utilizaba cifrado con el protocolo max establecido en SMB3. La conexión podía perder el requisito de firmar y cifrar con cualquier redirección DFS, lo que permitía a un atacante leer o alterar el contenido de la conexión mediante un ataque Man-in-the-Middle (MitM).

A flaw was found in the way samba client used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man in the middle attack. Stefan Metzmacher discovered that Samba incorrectly handled encryption across DFS redirects. A remote attacker could use this issue to perform a man in the middle attack. Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when SMB1 is being used. A remote attacker could possibly use this issue to obtain server memory contents. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-08-01 CVE Reserved
2017-09-21 CVE Published
2024-08-05 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-300: Channel Accessible by Non-Endpoint
CWE-310: Cryptographic Issues

CAPEC

References (11)

URL	Tag	Source
http://www.securityfocus.com/bid/100917	Third Party Advisory
http://www.securitytracker.com/id/1039401	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151	Issue Tracking
https://security.netapp.com/advisory/ntap-20170921-0001	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hp...	Third Party Advisory

1 - 5 of 5

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2017:2790	2019-10-09
https://access.redhat.com/errata/RHSA-2017:2858	2019-10-09
https://www.debian.org/security/2017/dsa-3983	2019-10-09
https://www.samba.org/samba/security/CVE-2017-12151.html	2019-10-09
https://access.redhat.com/security/cve/CVE-2017-12151	2017-10-04
https://bugzilla.redhat.com/show_bug.cgi?id=1488197	2017-10-04

1 - 6 of 6

Affected Vendors, Products, and Versions (12)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				< 4.4.16 Search vendor "Samba" for product "Samba" and version " < 4.4.16"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				>= 4.5.0 < 4.5.14 Search vendor "Samba" for product "Samba" and version " >= 4.5.0 < 4.5.14"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				>= 4.6.0 < 4.6.8 Search vendor "Samba" for product "Samba" and version " >= 4.6.0 < 4.6.8"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus"				7.4 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus"				7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5"		-		Affected

1 - 10 of 12