6.5

CVE-2016-2125

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version >= 3.0.25 < 4.3.13
SambaSamba Version >= 4.4.0 < 4.4.8
SambaSamba Version >= 4.5.0 < 4.5.3
RedhatGluster Storage Version3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.2% 0.947
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 3.3 6.5 2.9
AV:A/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com 6.4 1.2 5.2
CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://rhn.redhat.com/errata/RHSA-2017-0494.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0495.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0662.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0744.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1265
Third Party Advisory
http://www.securityfocus.com/bid/94988
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037494
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125
Third Party Advisory
Issue Tracking
Mitigation
https://www.samba.org/samba/security/CVE-2016-2125.html
Patch
Vendor Advisory
Mitigation