DSA-3983-1 samba -- sambaID: oval:org.secpod.oval:def:53143 | Date: (C)2019-04-04 (M)2023-12-20 |
Class: PATCH | Family: unix |
Multiple security issues have been discoverd in Samba, a SMB/CIFS file, print, and login server for Unix: CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12151 Stefan Metzmacher discovered that tools using libsmbclient did not enforce encryption when following DFS redirects, which could allow a man-in-the-middle attacker to read or modify connections which were meant to be encrypted. CVE-2017-12163 Yihan Lian and Zhibin Hu discovered that insufficient range checks in the processing of SMB1 write requests could result in disclosure of server memory.