IBM Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2017-12163, CVE-2017-12151, CVE-2017-12150)

Vulnerabilities in Samba affect the IBM Spectrum Scale SMB protocol access method. These vulnerabilities:

– could allow a remote authenticated attacker to obtain sensitive information, caused by a memory leak over SMB1 (CVE-2017-12163)

– could provide weaker than expected security, caused by the failure to properly sign and encrypt DFS redirects when the max protocol for the original connection is set as "SMB3" (CVE-2017-12151)

– could allow a remote attacker to obtain sensitive information, caused by the failure to require SMB signing in SMB1/2/3 connections (CVE-2017-12150)

CVE(s): CVE-2017-12163, CVE-2017-12151, CVE-2017-12150

Affected product(s) and affected version(s):

IBM Spectrum Scale 4.2.3.0 thru 4.2.3.4

IBM Spectrum Scale 4.2.2.0 thru 4.2.2.3

IBM Spectrum Scale 4.2.1.0 thru 4.2.1.2

IBM Spectrum Scale 4.2.0.0 thru 4.2.0.4

IBM Spectrum Scale 4.1.1.0 thru 4.1.1.17
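
The ranges above can be checked mechanically against a node inventory. The following Python sketch is an added example, not code from IBM or the bulletin; the node names and versions in the sample are constructed, and padding a short version string with zeros is an assumption. A version outside the listed ranges is reported as "not listed" rather than as fixed, because the text here does not state fixed levels.

```python
import re

# Affected ranges copied from the bulletin: (first, last), both inclusive.
AFFECTED_RANGES = [
    ((4, 2, 3, 0), (4, 2, 3, 4)),
    ((4, 2, 2, 0), (4, 2, 2, 3)),
    ((4, 2, 1, 0), (4, 2, 1, 2)),
    ((4, 2, 0, 0), (4, 2, 0, 4)),
    ((4, 1, 1, 0), (4, 1, 1, 17)),
]

def parse_version(text):
    """Return a 4-tuple of ints, padding missing fields with 0 (assumption).

    Raises ValueError for anything that is not a dotted numeric version,
    so a garbled inventory entry is never silently treated as unaffected.
    """
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){1,3})\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(version_text):
    # Integer tuples compare field by field, so 4.1.1.9 sorts below
    # 4.1.1.17; a plain string comparison would get that wrong.
    v = parse_version(version_text)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    """Map node name -> 'affected', 'not listed' or 'unparsed'."""
    result = {}
    for node, version in inventory.items():
        try:
            result[node] = "affected" if is_affected(version) else "not listed"
        except ValueError:
            result[node] = "unparsed"
    return result

# Constructed sample inventory (hypothetical node names and versions).
SAMPLE_INVENTORY = {
    "ces-node1": "4.2.3.4",
    "ces-node2": "4.2.3.5",
    "ces-node3": "4.1.1.17",
    "ces-node4": "4.2.1",
    "ces-node5": "unknown",
}

if __name__ == "__main__":
    for node, status in triage(SAMPLE_INVENTORY).items():
        print(f"{node}: {status}")
```

Entries reported as "unparsed" need a manual look before they are counted either way.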

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iY21gj
X-Force Database: http://ift.tt/2zTWb6I
X-Force Database: http://ift.tt/2xt0Hr0
X-Force Database: http://ift.tt/2zSMu8u



from IBM Product Security Incident Response Team http://ift.tt/2BjEmxN