CVE-2017-12150

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-12150

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12150.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-12150

Downstream

ALPINE-CVE-2017-12150

DEBIAN-CVE-2017-12150

DLA-1110-1

DSA-3983-1

RHSA-2017:2789

RHSA-2017:2790

RHSA-2017:2791

RHSA-2017:2858

SUSE-SU-2017:2650-1

SUSE-SU-2017:2695-1

SUSE-SU-2017:2704-1

SUSE-SU-2017:2715-1

SUSE-SU-2017:2726-1

SUSE-SU-2017:2971-1

SUSE-SU-2017:3155-1

UBUNTU-CVE-2017-12150

USN-3426-1

openSUSE-SU-2024:11365-1

Related

Published

2018-07-26T18:29:00Z

Modified

2025-10-21T02:34:53Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

References

Affected packages

Git / github.com/samba-team/samba

Affected ranges

Type: GIT
Repo: https://github.com/samba-team/samba
Events: Introduced

ad4be8a01adacd96c5f0fe1bb87a170ab88d2b88

Fixed

89edb76883be2d19f490ea9b5d898ac37f8b60f1