5.4

CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version >= 3.2.0 < 4.1.22
SambaSamba Version >= 4.2.0 < 4.2.7
SambaSamba Version >= 4.3.0 < 4.3.3
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version15.04
CanonicalUbuntu Linux Version15.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.15% 0.912
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 2.2 2.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1034493
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/79732
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1290292
Third Party Advisory
Issue Tracking