CVE-2017-12163

2017-09-2000:00:00

ubuntu.com

4.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:P/A:N

7.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

0.664 Medium

EPSS

Percentile

97.9%

JSON

An information leak flaw was found in the way SMB1 protocol was implemented
by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A
malicious client could use this flaw to dump server memory contents to a
file on the samba share or to a shared printer, though the exact area of
server memory cannot be controlled by the attacker.

Bugs

<https://bugzilla.samba.org/show_bug.cgi?id=13020>

OSVersionArchitecturePackageVersionFilename
ubuntu17.10noarchsamba< 2:4.6.7+dfsg-1ubuntu3UNKNOWN
ubuntu14.04noarchsamba< 2:4.3.11+dfsg-0ubuntu0.14.04.12UNKNOWN
ubuntu16.04noarchsamba< 2:4.3.11+dfsg-0ubuntu0.16.04.11UNKNOWN
ubuntu17.04noarchsamba< 2:4.5.8+dfsg-0ubuntu0.17.04.7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	17.10	noarch	samba	< 2:4.6.7+dfsg-1ubuntu3	UNKNOWN
ubuntu	14.04	noarch	samba	< 2:4.3.11+dfsg-0ubuntu0.14.04.12	UNKNOWN
ubuntu	16.04	noarch	samba	< 2:4.3.11+dfsg-0ubuntu0.16.04.11	UNKNOWN
ubuntu	17.04	noarch	samba	< 2:4.5.8+dfsg-0ubuntu0.17.04.7	UNKNOWN