Vulnerability identifier: #VU8518

Vulnerability risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12163

CWE-ID: CWE-401

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to memory information leak over SMB1. A client with write access to a share can cause server memory contents to be written into a file or printer. Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client supplied data. The client cannot control the area of the server memory that is written to the file (or printer).

Mitigation
Update to version 4.6.8, 4.5.14 and 4.4.16 or apply patches:
https://www.samba.org/samba/ftp/patches/security/samba-4.4.15-security-2017-09-20.patch
https://www.samba.org/samba/ftp/patches/security/samba-4.5.13-security-2017-09-20.patch
https://www.samba.org/samba/ftp/patches/security/samba-4.6.7-security-2017-09-20.patch

Vulnerable software versions

Samba: 4.6.0 - 4.6.7, 4.5.0 - 4.5.13, 4.4.0 - 4.4.15, 4.3.0 - 4.3.13, 4.2.0 - 4.2.14, 4.1.0 - 4.1.23, 4.0.0 - 4.0.26, 3.6.0 - 3.6.25, 3.5 - 3.5.22, 3.1 - 3.1.0, 3.4 - 3.4.17, 2.2 - 2.2a, 3.3 - 3.3.16, 3.0 - 3.0.37, 3.2 - 3.2.15, 2.18.3, 2.0 - 2.0.10, 1.9.17 - 1.9.18

---

External links
http://www.samba.org/samba/security/CVE-2017-12163.html

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.