5.4

CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version >= 3.2.0 < 4.1.22
SambaSamba Version >= 4.2.0 < 4.2.7
SambaSamba Version >= 4.3.0 < 4.3.3
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version15.04
CanonicalUbuntu Linux Version15.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.26% 0.936
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 2.2 2.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
Third Party Advisory
Mailing List
http://www.debian.org/security/2016/dsa-3433
Third Party Advisory
http://www.securitytracker.com/id/1034493
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2855-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2855-2
Third Party Advisory
https://security.gentoo.org/glsa/201612-47
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/79732
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1290292
Third Party Advisory
Issue Tracking
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=1ba49b8f389eda3414b14410c7fbcb4041ca06b1
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a819d2b440aafa3138d95ff6e8b824da885a70e9
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=d724f835acb9f4886c0001af32cd325dbbf1f895
https://www.samba.org/samba/security/CVE-2015-5296.html
Vendor Advisory