5.4
CVE-2015-5296
- EPSS 7.26%
- Veröffentlicht 29.12.2015 22:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Canonical ≫ Ubuntu Linux Version12.04 SwEdition-
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version15.04
Canonical ≫ Ubuntu Linux Version15.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.26% | 0.936 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.2 | 2.7 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
http://www.debian.org/security/2016/dsa-3433
http://www.securitytracker.com/id/1034493
http://www.ubuntu.com/usn/USN-2855-1
http://www.ubuntu.com/usn/USN-2855-2
https://security.gentoo.org/glsa/201612-47
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
http://www.securityfocus.com/bid/79732
https://bugzilla.redhat.com/show_bug.cgi?id=1290292
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=1ba49b8f389eda3414b14410c7fbcb4041ca06b1
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a819d2b440aafa3138d95ff6e8b824da885a70e9
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=d724f835acb9f4886c0001af32cd325dbbf1f895
https://www.samba.org/samba/security/CVE-2015-5296.html