5.9

CVE-2016-2114

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version4.0.0
SambaSamba Version4.0.1
SambaSamba Version4.0.2
SambaSamba Version4.0.3
SambaSamba Version4.0.4
SambaSamba Version4.0.5
SambaSamba Version4.0.6
SambaSamba Version4.0.7
SambaSamba Version4.0.8
SambaSamba Version4.0.9
SambaSamba Version4.0.10
SambaSamba Version4.0.11
SambaSamba Version4.0.12
SambaSamba Version4.0.13
SambaSamba Version4.0.14
SambaSamba Version4.0.15
SambaSamba Version4.0.16
SambaSamba Version4.0.17
SambaSamba Version4.0.18
SambaSamba Version4.0.19
SambaSamba Version4.0.20
SambaSamba Version4.0.21
SambaSamba Version4.0.22
SambaSamba Version4.0.23
SambaSamba Version4.0.24
SambaSamba Version4.0.25
SambaSamba Version4.0.26
SambaSamba Version4.1.0
SambaSamba Version4.1.1
SambaSamba Version4.1.2
SambaSamba Version4.1.3
SambaSamba Version4.1.4
SambaSamba Version4.1.5
SambaSamba Version4.1.6
SambaSamba Version4.1.7
SambaSamba Version4.1.8
SambaSamba Version4.1.9
SambaSamba Version4.1.10
SambaSamba Version4.1.11
SambaSamba Version4.1.12
SambaSamba Version4.1.13
SambaSamba Version4.1.14
SambaSamba Version4.1.15
SambaSamba Version4.1.16
SambaSamba Version4.1.17
SambaSamba Version4.1.18
SambaSamba Version4.1.19
SambaSamba Version4.1.20
SambaSamba Version4.1.21
SambaSamba Version4.1.22
SambaSamba Version4.1.23
SambaSamba Version4.2.0 Updaterc1
SambaSamba Version4.2.0 Updaterc2
SambaSamba Version4.2.0 Updaterc3
SambaSamba Version4.2.0 Updaterc4
SambaSamba Version4.2.1
SambaSamba Version4.2.2
SambaSamba Version4.2.3
SambaSamba Version4.2.4
SambaSamba Version4.2.5
SambaSamba Version4.2.6
SambaSamba Version4.2.7
SambaSamba Version4.2.8
SambaSamba Version4.2.9
SambaSamba Version4.3.0
SambaSamba Version4.3.1
SambaSamba Version4.3.2
SambaSamba Version4.3.3
SambaSamba Version4.3.4
SambaSamba Version4.3.5
SambaSamba Version4.3.6
SambaSamba Version4.4.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.6% 0.833
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://www.samba.org/samba/history/samba-4.2.10.html
https://security.gentoo.org/glsa/201612-47
http://badlock.org/
https://bto.bluecoat.com/security-advisory/sa122
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
http://rhn.redhat.com/errata/RHSA-2016-0612.html
http://rhn.redhat.com/errata/RHSA-2016-0614.html
http://rhn.redhat.com/errata/RHSA-2016-0618.html
http://rhn.redhat.com/errata/RHSA-2016-0620.html
http://www.debian.org/security/2016/dsa-3548
http://www.securitytracker.com/id/1035533
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
http://www.ubuntu.com/usn/USN-2950-1
http://www.ubuntu.com/usn/USN-2950-2
http://www.ubuntu.com/usn/USN-2950-3
http://www.ubuntu.com/usn/USN-2950-4
http://www.ubuntu.com/usn/USN-2950-5
https://www.samba.org/samba/latest_news.html#4.4.2
http://www.securityfocus.com/bid/86011
https://www.samba.org/samba/security/CVE-2016-2114.html
Patch
Vendor Advisory