1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
6 <title>Samba - Security Announcement Archive</title>
11 <H2>CVE-2017-12163.html:</H2>
15 ====================================================================
16 == Subject: Server memory information leak over SMB1
18 == CVE ID#: CVE-2017-12163
20 == Versions: All versions of Samba.
22 == Summary: Client with write access to a share can cause
23 == server memory contents to be written into a file
26 ====================================================================
32 All versions of Samba are vulnerable to a server memory information
33 leak bug over SMB1 if a client can write data to a share. Some SMB1
34 write requests were not correctly range checked to ensure the client
35 had sent enough data to fulfill the write, allowing server memory
36 contents to be written into the file (or printer) instead of client
37 supplied data. The client cannot control the area of the server memory
38 that is written to the file (or printer).
44 A patch addressing this defect has been posted to
46 http://www.samba.org/samba/security/
48 Additionally, Samba 4.6.8, 4.5.14 and 4.4.16 have been issued as
49 security releases to correct the defect. Patches against older Samba
50 versions are available at http://samba.org/samba/patches/. Samba
51 vendors and administrators running affected versions are advised to
52 upgrade or apply the patch as soon as possible.
58 As this is an SMB1-only vulnerability, it can be avoided by setting
59 the server to only use SMB2 via adding:
61 server min protocol = SMB2_02
63 to the [global] section of your smb.conf and restarting smbd.
69 This problem was reported by Yihan Lian and Zhibin Hu, security
70 researchers with Qihoo 360 GearTeam. Stefan Metzmacher of SerNet and the
71 Samba Team and Jeremy Allison of Google and the Samba Team provided