Vulnerability Details : CVE-2017-15275
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
Vulnerability category: Overflow
Products affected by CVE-2017-15275
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
Threat overview for CVE-2017-15275
Top open port discovered on systems with this issue: 445
IPs affected by CVE-2017-15275: 148,364
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2017-15275
EPSS score: 91.59% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-15275
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2017-15275
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-15275
- https://www.synology.com/support/security/Synology_SA_17_72_Samba
  Synology Inc. (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:3261
  RHSA-2017:3261 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:3278
  RHSA-2017:3278 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://www.samba.org/samba/security/CVE-2017-15275.html
  Samba - Security Announcement Archive (Vendor Advisory)
- http://www.ubuntu.com/usn/USN-3486-2
  USN-3486-2: Samba vulnerability | Ubuntu security notices (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2017/11/msg00029.html
  [SECURITY] [DLA 1183-1] samba security update (Mailing List; Third Party Advisory)
- https://security.gentoo.org/glsa/201805-07
  Samba: Multiple vulnerabilities (GLSA 201805-07) — Gentoo security (Third Party Advisory)
- http://www.securitytracker.com/id/1039855
  Samba Flaw Lets Remote Users Obtain Potentially Sensitive Information from Heap Memory on the Target System - SecurityTracker (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:3260
  RHSA-2017:3260 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-3486-1
  USN-3486-1: Samba vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
  HPESBUX03817 rev.2 - HP-UX CIFS Server, Local and Remote Vulnerabilities (Third Party Advisory)
- http://www.securityfocus.com/bid/101908
  Samba CVE-2017-15275 Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)
- https://www.debian.org/security/2017/dsa-4043
  Debian -- Security Information -- DSA-4043-1 samba (Third Party Advisory)