Government of the Republic of Trinidad and Tobago
gov.tt

TTCSIRT-044.092117: TT-CSIRT Advisory – Samba Security Updates

TTCSIRT-044.092117: TT-CSIRT Advisory – Samba Security Updates

The Samba Team has released security updates to address several vulnerabilities in Samba –

a) A man in the middle attack may hijack client connections.

b) A man in the middle attack can read and may alter confidential documents transferred via a client connection, which are reached via DFS redirect when the original connection used SMB3.

c) Client with write access to a share can cause server memory contents to be written into a file or printer.

Further information on these vulnerabilities and how they can be fixed can be found on the SAMBA Website via the following URLS:

https://www.samba.org/samba/security/CVE-2017-12150.html
https://www.samba.org/samba/security/CVE-2017-12151.html
https://www.samba.org/samba/security/CVE-2017-12163.html