=============================================================================== == Subject: SMB1/2/3 connections may not require signing where they should == == CVE ID#: CVE-2017-12150 == == Versions: Samba 3.0.25 to 4.6.7 == == Summary: A man in the middle attack may hijack client connections. == =============================================================================== =========== Description =========== There are several code paths where the code doesn't enforce SMB signing: * The fixes for CVE-2015-5296 didn't apply the implied signing protection when enforcing encryption for commands like 'smb2mount -e', 'smbcacls -e' and 'smbcquotas -e'. * The python binding exported as 'samba.samba3.libsmb_samba_internal' doesn't make use of the "client signing" smb.conf option. * libgpo as well as 'net ads gpo' doesn't require SMB signing when fetching group policies. * Commandline tools like 'smbclient', 'smbcacls' and 'smbcquotas' allow a fallback to an anonymous connection when using the '--use-ccache' option and this happens even if SMB signing is required. ================== Patch Availability ================== A patch addressing this defect has been posted to https://www.samba.org/samba/security/ Additionally 4.6.8, 4.5.14 and 4.4.16 have been issued as security releases to correct the defect. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible. ========== Workaround ========== The missing implied signing for 'smb2mount -e', 'smbcacls -e' and 'smbcquotas -e' can be enforced by explicitly using '--signing=required' on the commandline or "client signing = required" in smb.conf.