7.5

CVE-2016-2118

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version >= 3.6.0 < 4.2.10
SambaSamba Version >= 4.3.0 < 4.3.7
SambaSamba Version >= 4.4.0 < 4.4.1
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionlts
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 36.93% 0.983
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
Third Party Advisory
Mailing List
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
Third Party Advisory
Mailing List
https://www.samba.org/samba/history/samba-4.2.10.html
Third Party Advisory
https://security.gentoo.org/glsa/201612-47
Third Party Advisory
http://badlock.org/
Third Party Advisory
Technical Description
https://bto.bluecoat.com/security-advisory/sa122
Third Party Advisory
https://www.kb.cert.org/vuls/id/813296
Third Party Advisory
US Government Resource
https://www.samba.org/samba/security/CVE-2016-2118.html
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2016-0611.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0612.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0613.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0614.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0618.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0619.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0620.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0621.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0623.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0624.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0625.html
Third Party Advisory
http://www.debian.org/security/2016/dsa-3548
Third Party Advisory
http://www.securityfocus.com/bid/86002
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1035533
Third Party Advisory
VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
Third Party Advisory
Mailing List
http://www.ubuntu.com/usn/USN-2950-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-2
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-3
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-4
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-5
Third Party Advisory
https://access.redhat.com/security/vulnerabilities/badlock
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182
Third Party Advisory
https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40196
Third Party Advisory
https://www.samba.org/samba/latest_news.html#4.4.2
Vendor Advisory