SMB: Samba SMB1 Information Disclosure

This signature detects attempts to exploit a known vulnerability in the SMB1 component of Samba. Successful exploitation results in the disclosure of server memory contents into the file that is being written to.

Extended Description

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

Affected Products

Redhat enterprise_linux_workstation

References

CVE: CVE-2017-12163

Short Name
SMB:SAMBA:SAMBA-SMB1-ID
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
SMB
Keywords
CVE-2017-12163 Disclosure Information SMB1 Samba
Release Date
10/11/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Samba

Debian

Redhat

CVSS Score

4.8

Found a potential security threat?