CVE-2016-2124

EPSS 0.79%
Veröffentlicht 18.02.2022 18:15:08
Zuletzt bearbeitet 21.11.2024 02:47:52
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samba ≫ Samba Version >= 3.0.0 < 4.13.14

Samba ≫ Samba Version >= 4.14.0 < 4.14.10

Samba ≫ Samba Version >= 4.15.0 < 4.15.2

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Fedoraproject ≫ Fedora Version35

Redhat ≫ Codeready Linux Builder Version-

Redhat ≫ Gluster Storage Version3.0

Redhat ≫ Gluster Storage Version3.5

Redhat ≫ Openstack Version13

Redhat ≫ Openstack Version16.1

Redhat ≫ Openstack Version16.2

Redhat ≫ Virtualization Host Version4.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.2

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.4

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0

Redhat ≫ Enterprise Linux For Power Little Endian Version7.0

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.2

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4

Redhat ≫ Enterprise Linux For Scientific Computing Version7.0

Redhat ≫ Enterprise Linux Resilient Storage Version7.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version8.2

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version8.4

Redhat ≫ Enterprise Linux Tus Version8.2

Redhat ≫ Enterprise Linux Workstation Version7.0

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version21.04

Canonical ≫ Ubuntu Linux Version21.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.79%	0.732

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://security.gentoo.org/glsa/202309-06

https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html

https://bugzilla.redhat.com/show_bug.cgi?id=2019660

Patch

Third Party Advisory

Issue Tracking

https://www.samba.org/samba/security/CVE-2016-2124.html

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2016-2124

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2124

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2124

EUVD