Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201805-07
HistoryMay 22, 2018 - 12:00 a.m.

Samba: Multiple vulnerabilities

2018-05-2200:00:00
Gentoo Foundation
security.gentoo.org
472

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.973

Percentile

99.9%

JSON

Background

Samba is a suite of SMB and CIFS client/server programs.

Description

Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly execute arbitrary code, cause a Denial of Service condition, conduct a man-in-the-middle attack, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Samba users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-fs/samba-4.5.16"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-fs/samba< 4.5.16UNKNOWN

Related

nessus 53
openvas 44
slackware 2
debian 5
redhat 4
ibm 8
suse 3
archlinux 2
centos 3
fedora 6
amazon 2
ubuntu 4
oraclelinux 3
altlinux 12
osv 6
mageia 2
cisa 1
thn 1
freebsd 2
threatpost 1
f5 4
samba 4
debiancve 3
prion 3
veracode 3
cve 3
redhatcve 3
nvd 3
alpinelinux 2
checkpoint_advisories 2
cvelist 2
ubuntucve 3
nessus
nessus
GLSA-201805-07 : Samba: Multiple vulnerabilities (SambaCry)
2018-05-23 00:00:00
SUSE SLES12 Security Update : samba (SUSE-SU-2018:2321-1)
2018-08-15 00:00:00
EulerOS Virtualization 3.0.1.0 : samba (EulerOS-SA-2019-1447)
2019-05-14 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:2321-1)
2021-04-19 00:00:00
Slackware: Security Advisory (SSA:2017-332-01)
2022-04-21 00:00:00
CentOS Update for ctdb CESA-2017:3260 centos7
2017-11-28 00:00:00
slackware
slackware
[slackware-security] samba
2017-11-28 07:48:13
[slackware-security] samba
2016-07-07 19:54:48
debian
debian
[SECURITY] [DSA 4043-1] samba security update
2017-11-21 16:53:22
[SECURITY] [DSA 4135-1] samba security update
2018-03-13 09:49:45
[SECURITY] [DSA 4135-1] samba security update
2018-03-13 09:49:45
redhat
redhat
(RHSA-2017:3278) Important: samba4 security update
2017-11-29 07:33:57
(RHSA-2017:3260) Important: samba security update
2017-11-27 03:38:39
(RHSA-2017:3261) Important: samba security update
2017-11-27 03:41:03
ibm
ibm
Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2017-14746, CVE-2017-15275)
2018-08-01 18:40:02
Security Bulletin: Multiple Samba vulnerabilities affect IBM SONAS
2018-06-18 00:51:30
Security Bulletin: Multiple Samba vulnerability affects IBM Storwize V7000 Unified (CVE-2017-15275, CVE-2017-14746 )
2018-06-18 00:51:29
suse
suse
Security update for samba (important)
2017-11-30 03:11:26
Security update for samba (important)
2017-11-27 22:16:50
Security update for samba (important)
2017-11-24 21:18:31
archlinux
archlinux
[ASA-201712-1] samba: multiple issues
2017-12-02 00:00:00
[ASA-201803-10] samba: multiple issues
2018-03-13 00:00:00
centos
centos
ctdb, libsmbclient, libwbclient, samba security update
2017-11-27 18:28:01
samba4 security update
2017-11-29 16:18:55
samba4 security update
2016-07-26 11:29:16
fedora
fedora
[SECURITY] Fedora 26 Update: samba-4.6.11-0.fc26
2017-11-28 00:50:44
[SECURITY] Fedora 27 Update: samba-4.7.3-0.fc27
2017-11-27 21:25:54
[SECURITY] Fedora 26 Update: samba-4.6.14-0.fc26
2018-03-20 17:38:39
amazon
amazon
Important: samba
2017-12-20 18:53:00
Medium: samba
2016-08-17 13:30:00
ubuntu
ubuntu
Samba vulnerabilities
2017-11-21 00:00:00
Samba vulnerabilities
2018-03-13 00:00:00
Samba vulnerability
2017-11-21 00:00:00
oraclelinux
oraclelinux
samba security update
2017-11-27 00:00:00
samba4 security update
2017-11-29 00:00:00
samba4 security update
2016-07-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package samba version 4.6.11-alt1
2017-11-21 00:00:00
Security fix for the ALT Linux 10 package samba version 4.6.11-alt1.S1
2017-11-21 00:00:00
Security fix for the ALT Linux 8 package samba-DC version 4.6.11-alt1
2017-11-21 00:00:00
osv
osv
samba - security update
2017-11-21 00:00:00
samba - security update
2018-03-13 00:00:00
samba - security update
2019-04-09 00:00:00
mageia
mageia
Updated samba packages fix security vulnerabilities
2018-04-13 23:08:48
Updated samba packages fix security vulnerabilities
2018-01-02 19:25:41
cisa
cisa
Samba Releases Security Updates
2018-03-13 00:00:00
thn
thn
Update Samba Servers Immediately to Patch Password Reset and DoS Vulnerabilities
2018-03-13 10:05:00
freebsd
freebsd
samba -- multiple vulnerabilities
2018-01-03 00:00:00
samba -- client side SMB2/3 required signing can be downgraded
2016-07-07 00:00:00
threatpost
threatpost
Samba Patches Two Critical Vulnerabilities in Server Software
2018-03-13 12:56:17
f5
f5
K48527562 : Samba vulnerabilities CVE-2021-20277, CVE-2017-14746, CVE-2017-15275
2022-07-18 00:00:00
SOL13364192 - samba vulnerability CVE-2016-2119
2016-10-11 00:00:00
K13364192 : Samba vulnerability CVE-2016-2119
2016-10-11 00:00:00
samba
samba
Use-after-free vulnerability.
2017-11-21 00:00:00
Server heap memory information leak.
2017-11-21 00:00:00
Client side SMB2/3 required signing can be downgraded
2016-07-07 00:00:00
debiancve
debiancve
CVE-2017-14746
2017-11-27 22:29:00
CVE-2017-15275
2017-11-27 22:29:00
CVE-2016-2119
2016-07-07 15:59:00
prion
prion
Design/Logic Flaw
2017-11-27 22:29:00
Heap overflow
2017-11-27 22:29:00
Design/Logic Flaw
2016-07-07 15:59:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:19:53
Information Disclosure
2019-05-02 06:37:48
Man-in-the-Middle (MitM)
2019-01-15 09:12:19
cve
cve
CVE-2017-14746
2017-11-27 22:29:00
CVE-2017-15275
2017-11-27 22:29:00
CVE-2016-2119
2016-07-07 15:59:00
redhatcve
redhatcve
CVE-2017-14746
2017-11-21 09:21:30
CVE-2017-15275
2017-11-21 09:20:31
CVE-2016-2119
2016-07-07 10:48:53
nvd
nvd
CVE-2017-14746
2017-11-27 22:29:00
CVE-2017-15275
2017-11-27 22:29:00
CVE-2016-2119
2016-07-07 15:59:00
alpinelinux
alpinelinux
CVE-2017-15275
2017-11-27 22:29:00
CVE-2017-14746
2017-11-27 22:29:00
checkpoint_advisories
checkpoint_advisories
Samba SMB1 Server Use After Free (CVE-2017-14746)
2018-01-02 00:00:00
Samba SMB1 message_push_string Information Disclosure (CVE-2017-15275)
2018-01-07 00:00:00
cvelist
cvelist
CVE-2017-14746
2017-11-27 22:00:00
CVE-2017-15275
2017-11-27 22:00:00
ubuntucve
ubuntucve
CVE-2017-14746
2017-11-21 00:00:00
CVE-2017-15275
2017-11-21 00:00:00
CVE-2016-2119
2016-07-07 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.973

Percentile

99.9%

JSON
Related for GLSA-201805-07
nessus53openvas44slackware2debian5redhat4ibm8suse3archlinux2centos3fedora6amazon2ubuntu4oraclelinux3altlinux12osv6mageia2cisa1thn1freebsd2threatpost1f54samba4debiancve3prion3veracode3cve3redhatcve3nvd3alpinelinux2checkpoint_advisories2cvelist2ubuntucve3