CVE-2017-12163

Summary

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

Affected Software

VendorProductVersion RangeStatus
SambaSamba4.7affected
SambaSamba4.6.8affected
SambaSamba4.5.14affected
SambaSamba4.4.16affected

Weaknesses

  • CWE-200: CWE-200

ADP Enrichment

CVE Program Container

Additional References

References