5.9
CVE-2016-2112
- EPSS 9.35%
- Veröffentlicht 25.04.2016 00:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version15.10
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.35% | 0.948 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
https://www.samba.org/samba/history/samba-4.2.10.html
https://security.gentoo.org/glsa/201612-47
http://badlock.org/
https://bto.bluecoat.com/security-advisory/sa122
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
http://rhn.redhat.com/errata/RHSA-2016-0611.html
http://rhn.redhat.com/errata/RHSA-2016-0612.html
http://rhn.redhat.com/errata/RHSA-2016-0613.html
http://rhn.redhat.com/errata/RHSA-2016-0614.html
http://rhn.redhat.com/errata/RHSA-2016-0618.html
http://rhn.redhat.com/errata/RHSA-2016-0619.html
http://rhn.redhat.com/errata/RHSA-2016-0620.html
http://rhn.redhat.com/errata/RHSA-2016-0624.html
http://www.debian.org/security/2016/dsa-3548
http://www.securitytracker.com/id/1035533
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
http://www.ubuntu.com/usn/USN-2950-1
http://www.ubuntu.com/usn/USN-2950-2
http://www.ubuntu.com/usn/USN-2950-3
http://www.ubuntu.com/usn/USN-2950-4
http://www.ubuntu.com/usn/USN-2950-5
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
https://www.samba.org/samba/latest_news.html#4.4.2
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964
https://www.samba.org/samba/security/CVE-2016-2112.html