6.5

CVE-2016-2125

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

Data is provided by the National Vulnerability Database (NVD)
SambaSamba Version >= 3.0.25 < 4.3.13
SambaSamba Version >= 4.4.0 < 4.4.8
SambaSamba Version >= 4.5.0 < 4.5.3
RedhatGluster Storage Version3.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 12.78% 0.937
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 3.3 6.5 2.9
AV:A/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com 6.4 1.2 5.2
CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securityfocus.com/bid/94988
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037494
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125
Third Party Advisory
Issue Tracking
Mitigation