SID 1:45074

Report a false positive

Rule Category

SERVER-SAMBA -- Snort has detected traffic exploiting vulnerabilities in Samba servers.

Alert Message

SERVER-SAMBA Samba unsigned connections attempt

Rule Explanation

This event is generated when an SMB connection is not correctly enforced to be signed, which may lead to connection hijacking. Impact: Attempted User Privilege Gain Details: There are specific Samba commands that doesn't enforce a signing of the Samba connection when they explicitly require to use it. This lack of enforcement, could lead to a hijacking of the connections since they are not encrypted and the information could be modified intentionally by a man in the middle attack. Ease of Attack: Hard

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

None

Additional Links

samba.org/samba/security/CVE-2017-12150.html

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None