CVE-2017-12150
published 2017-11-08CVE-2017-12150: It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
PriorityP348high7.4CVSS 3.1
AVNACHPRNUINSUCHIHAN
EPSS
13.23%
95.9th percentile
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | samba | < samba 2:4.6.7+dfsg-2 (bookworm) | samba 2:4.6.7+dfsg-2 (bookworm) |
| debian | samba | — | — |
| msrc | azl3_samba_4.18.3-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| red_hat_inc | gluster_storage_for_rhel_6 | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | gluster_storage | — | — |
| redhat | gluster_storage | — | — |
| samba | samba | >= 0 < 2:4.6.7+dfsg-2 | 2:4.6.7+dfsg-2 |
| samba | samba | >= 0 < 2:4.6.7+dfsg-2 | 2:4.6.7+dfsg-2 |
| samba | samba | >= 0 < 2:4.6.7+dfsg-2 | 2:4.6.7+dfsg-2 |
| samba | samba | >= 0 < 2:4.6.7+dfsg-2 | 2:4.6.7+dfsg-2 |
| samba | samba | >= 0 < 2:4.3.11+dfsg-0ubuntu0.14.04.12 | 2:4.3.11+dfsg-0ubuntu0.14.04.12 |
| samba | samba | >= 0 < 2:4.3.11+dfsg-0ubuntu0.16.04.11 | 2:4.3.11+dfsg-0ubuntu0.16.04.11 |
| samba | samba | >= 3.0.25 < 4.4.16 | 4.4.16 |
| samba | samba | >= 4.5.0 < 4.5.14 | 4.5.14 |
| samba | samba | >= 4.6.0 < 4.6.8 | 4.6.8 |
CVSS provenance
nvdv3.17.4HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv3.07.4HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
osv7.4HIGH
vendor_debian7.4HIGH
vendor_msrc7.4HIGH
vendor_redhat7.4HIGH
vendor_ubuntu7.4HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3747-3v6r-p947: It was found that samba before 4
ghsa_unreviewed·2022-05-13
CVE-2017-12150 [HIGH] GHSA-3747-3v6r-p947: It was found that samba before 4
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
GHSA
GHSA-44p5-fr45-3p7f: It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3
ghsa_unreviewed·2022-05-13·CVSS 7.4
CVE-2017-15085 [HIGH] CWE-200 GHSA-44p5-fr45-3p7f: It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
OSV
CVE-2017-12150: It was found that samba before 4
osv·2018-07-26·CVSS 7.4
CVE-2017-12150 [HIGH] CVE-2017-12150: It was found that samba before 4
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
OSV
samba vulnerabilities
osv·2017-09-21·CVSS 7.4
CVE-2017-12150 [HIGH] samba vulnerabilities
samba vulnerabilities
Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in
certain situations. A remote attacker could use this issue to perform a
machine-in-the-middle attack. (CVE-2017-12150)
Stefan Metzmacher discovered that Samba incorrectly handled encryption
across DFS redirects. A remote attacker could use this issue to perform a
machine-in-the-middle attack. (CVE-2017-12151)
Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory
when SMB1 is being used. A remote attacker could possibly use this issue to
obtain server memory contents. (CVE-2017-12163)
Microsoft
It was found that samba before 4.4.16 4.5.x before 4.5.14 and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-
vendor_msrc·2018-07-10·CVSS 7.4
CVE-2017-12150 [HIGH] CWE-300 It was found that samba before 4.4.16 4.5.x before 4.5.14 and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-
It was found that samba before 4.4.16 4.5.x before 4.5.14 and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact
Ubuntu
Samba vulnerabilities
vendor_ubuntu·2017-11-02·CVSS 7.4
CVE-2017-12150 [HIGH] Samba vulnerabilities
Title: Samba vulnerabilities
Summary: Several security issues were fixed in XXX-APP-XXX.
USN-3426-1 fixed several vulnerabilities in Samba. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in
certain situations. A remote attacker could use this issue to perform a
machine-in-the-middle attack. (CVE-2017-12150)
Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory
when SMB1 is being used. A remote attacker could possibly use this issue to
obtain server memory contents. (CVE-2017-12163)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
samba: Some code path don't enforce smb signing, when they should (incomplete fix of CVE-2017-12150)
vendor_redhat·2017-10-24·CVSS 7.4
CVE-2017-15085 [HIGH] CWE-300 samba: Some code path don't enforce smb signing, when they should (incomplete fix of CVE-2017-12150)
samba: Some code path don't enforce smb signing, when they should (incomplete fix of CVE-2017-12150)
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
Package: samba (Red Hat Enterprise Linux 5) - Not affected
Package: samba3x (Red Hat Enterprise Linux 5) - Not affected
Package: samba (Red Hat Enterprise Linux 6) - Not affected
Package: samba4 (Red Hat Enterprise Linux 6) - Not affected
Package: samba (Red Hat Enterprise Linux 7) - Not affected
Ubuntu
Samba vulnerabilities
vendor_ubuntu·2017-09-21·CVSS 7.4
CVE-2017-12150 [HIGH] Samba vulnerabilities
Title: Samba vulnerabilities
Summary: Samba could be made to expose sensitive information over the network.
Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in
certain situations. A remote attacker could use this issue to perform a
machine-in-the-middle attack. (CVE-2017-12150)
Stefan Metzmacher discovered that Samba incorrectly handled encryption
across DFS redirects. A remote attacker could use this issue to perform a
machine-in-the-middle attack. (CVE-2017-12151)
Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory
when SMB1 is being used. A remote attacker could possibly use this issue to
obtain server memory contents. (CVE-2017-12163)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
samba: Some code path don't enforce smb signing, when they should
vendor_redhat·2017-09-20·CVSS 7.4
CVE-2017-12150 [HIGH] CWE-300 samba: Some code path don't enforce smb signing, when they should
samba: Some code path don't enforce smb signing, when they should
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
Mitigation: The missing implied signing for 'smb2mount -e', 'smbcacls -e' and 'smbcquotas -e' can be enforced by explicitly using '--signing=required' on the commandline or "client signing = required" in smb.conf.
Package: samba (Red Hat Enterprise Linux 5) - Will not
Debian
CVE-2017-15085: samba - It was discovered that the fix for CVE-2017-12150 was not properly shipped in er...
vendor_debian·2017·CVSS 7.4
CVE-2017-15085 [HIGH] CVE-2017-15085: samba - It was discovered that the fix for CVE-2017-12150 was not properly shipped in er...
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Debian
CVE-2017-12150: samba - It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6...
vendor_debian·2017·CVSS 7.4
CVE-2017-12150 [HIGH] CVE-2017-12150: samba - It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6...
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
Scope: local
bookworm: resolved (fixed in 2:4.6.7+dfsg-2)
bullseye: resolved (fixed in 2:4.6.7+dfsg-2)
forky: resolved (fixed in 2:4.6.7+dfsg-2)
sid: resolved (fixed in 2:4.6.7+dfsg-2)
trixie: resolved (fixed in 2:4.6.7+dfsg-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-15085 samba: Some code path don't enforce smb signing, when they should (incomplete fix of CVE-2017-12150)
bugzilla·2017-10-24·CVSS 7.4
CVE-2017-15085 [HIGH] CVE-2017-15085 samba: Some code path don't enforce smb signing, when they should (incomplete fix of CVE-2017-12150)
CVE-2017-15085 samba: Some code path don't enforce smb signing, when they should (incomplete fix of CVE-2017-12150)
It was found that Red Hat Gluster Storage 3 for RHEL-6 shipped incomplete fix for CVE-2017-12150.
Discussion:
This issue has been addressed in the following products:
Red Hat Gluster Storage 3.3 for RHEL 6
Via RHSA-2017:3110 https://access.redhat.com/errata/RHSA-2017:3110
Bugzilla
CVE-2017-12151 CVE-2017-12150 CVE-2017-12163 samba: Multiple security flaws [fedora-all]
bugzilla·2017-09-20·CVSS 7.4
CVE-2017-12151 [HIGH] CVE-2017-12151 CVE-2017-12150 CVE-2017-12163 samba: Multiple security flaws [fedora-all]
CVE-2017-12151 CVE-2017-12150 CVE-2017-12163 samba: Multiple security flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple support
Bugzilla
CVE-2017-12150 samba: Some code path don't enforce smb signing, when they should
bugzilla·2017-09-05·CVSS 5.4
CVE-2017-12150 [MEDIUM] CVE-2017-12150 samba: Some code path don't enforce smb signing, when they should
CVE-2017-12150 samba: Some code path don't enforce smb signing, when they should
There are several code paths where the code doesn't enforce SMB signing:
* The fixes for CVE-2015-5296 didn't apply the implied signing protection
when enforcing encryption for commands like 'smb2mount -e', 'smbcacls -e' and
'smbcquotas -e'.
* The python binding exported as 'samba.samba3.libsmb_samba_internal'
doesn't make use of the "client signing" smb.conf option.
* libgpo as well as 'net ads gpo' doesn't require SMB signing when fetching
group policies.
* Commandline tools like 'smbclient', 'smbcacls' and 'smbcquotas' allow
a fallback to an anonymous connection when using the '--use-ccache'
option and this happens even if SMB signing is required.
Discussion:
Acknowledgments:
Name: the Samba project
2017-11-08
Published