7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
52.7%
There are several code paths where the code doesn’t enforce SMB signing:
The fixes for CVE-2015-5296 didn’t apply the implied signing protection
when enforcing encryption for commands like ‘smb2mount -e’, ‘smbcacls -e’ and
‘smbcquotas -e’.
The python binding exported as ‘samba.samba3.libsmb_samba_internal’
doesn’t make use of the “client signing” smb.conf option.
libgpo as well as ‘net ads gpo’ doesn’t require SMB signing when fetching
group policies.
Commandline tools like ‘smbclient’, ‘smbcacls’ and ‘smbcquotas’ allow
a fallback to an anonymous connection when using the ‘–use-ccache’
option and this happens even if SMB signing is required.
A patch addressing this defect has been posted to
https://www.samba.org/samba/security/
Additionally 4.6.8, 4.5.14 and 4.4.16 have been issued as
security releases to correct the defect. Samba vendors and administrators
running affected versions are advised to upgrade or apply the patch as
soon as possible.
The missing implied signing for ‘smb2mount -e’, ‘smbcacls -e’ and
‘smbcquotas -e’ can be enforced by explicitly using ‘–signing=required’
on the commandline or “client signing = required” in smb.conf.
This vulnerability was discovered and researched by Stefan Metzmacher of
SerNet (https://samba.plus) and the Samba Team (https://www.samba.org),
who also provides the fixes.
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
52.7%