CVE-2016-2115
- EPSS 10.23%
- Veröffentlicht 25.04.2016 00:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
CVE-2016-2114
- EPSS 2.6%
- Veröffentlicht 25.04.2016 00:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client...
CVE-2016-2112
- EPSS 9.35%
- Veröffentlicht 25.04.2016 00:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade att...
CVE-2016-2113
- EPSS 2.58%
- Veröffentlicht 25.04.2016 00:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certific...
CVE-2016-2111
- EPSS 2.9%
- Veröffentlicht 25.04.2016 00:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive sessi...
CVE-2016-2110
- EPSS 8.31%
- Veröffentlicht 25.04.2016 00:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove app...
CVE-2015-5370
- EPSS 19.1%
- Veröffentlicht 25.04.2016 00:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consum...
CVE-2016-2118
- EPSS 36.93%
- Veröffentlicht 12.04.2016 23:59:37
- Zuletzt bearbeitet 06.05.2026 22:30:45
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersona...
CVE-2016-0771
- EPSS 2.76%
- Veröffentlicht 13.03.2016 22:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain...
CVE-2015-7560
- EPSS 12.94%
- Veröffentlicht 13.03.2016 22:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then u...