Automated analysis has detected that the following third-party packages have had vulnerabilities publicly reported.
NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.
Package Name: net-fs/samba
Package Version: [cpe:/a:samba:samba:4.5.3 cpe:/a:samba:samba:4.8.0]
Advisory: CVE-2017-12163
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-12163
CVSS severity score: 4.8/10.0
Confidence: high
Description:
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
Comment 1 by jorgelo@chromium.org, Oct 5