Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2016-2114

Published: Apr 25, 2016 | Modified: Apr 12, 2025
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
5.8 MODERATE
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2016-2114
CWEhttps://cwe.mitre.org/data/definitions/254.html

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the server signing = mandatory setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.

Affected Software

NameVendorStart VersionEnd Version
SambaSamba4.0.0 (including)4.0.0 (including)
SambaSamba4.0.1 (including)4.0.1 (including)
SambaSamba4.0.2 (including)4.0.2 (including)
SambaSamba4.0.3 (including)4.0.3 (including)
SambaSamba4.0.4 (including)4.0.4 (including)
SambaSamba4.0.5 (including)4.0.5 (including)
SambaSamba4.0.6 (including)4.0.6 (including)
SambaSamba4.0.7 (including)4.0.7 (including)
SambaSamba4.0.8 (including)4.0.8 (including)
SambaSamba4.0.9 (including)4.0.9 (including)
SambaSamba4.0.10 (including)4.0.10 (including)
SambaSamba4.0.11 (including)4.0.11 (including)
SambaSamba4.0.12 (including)4.0.12 (including)
SambaSamba4.0.13 (including)4.0.13 (including)
SambaSamba4.0.14 (including)4.0.14 (including)
SambaSamba4.0.15 (including)4.0.15 (including)
SambaSamba4.0.16 (including)4.0.16 (including)
SambaSamba4.0.17 (including)4.0.17 (including)
SambaSamba4.0.18 (including)4.0.18 (including)
SambaSamba4.0.19 (including)4.0.19 (including)
SambaSamba4.0.20 (including)4.0.20 (including)
SambaSamba4.0.21 (including)4.0.21 (including)
SambaSamba4.0.22 (including)4.0.22 (including)
SambaSamba4.0.23 (including)4.0.23 (including)
SambaSamba4.0.24 (including)4.0.24 (including)
SambaSamba4.0.25 (including)4.0.25 (including)
SambaSamba4.0.26 (including)4.0.26 (including)
SambaSamba4.1.0 (including)4.1.0 (including)
SambaSamba4.1.1 (including)4.1.1 (including)
SambaSamba4.1.2 (including)4.1.2 (including)
SambaSamba4.1.3 (including)4.1.3 (including)
SambaSamba4.1.4 (including)4.1.4 (including)
SambaSamba4.1.5 (including)4.1.5 (including)
SambaSamba4.1.6 (including)4.1.6 (including)
SambaSamba4.1.7 (including)4.1.7 (including)
SambaSamba4.1.8 (including)4.1.8 (including)
SambaSamba4.1.9 (including)4.1.9 (including)
SambaSamba4.1.10 (including)4.1.10 (including)
SambaSamba4.1.11 (including)4.1.11 (including)
SambaSamba4.1.12 (including)4.1.12 (including)
SambaSamba4.1.13 (including)4.1.13 (including)
SambaSamba4.1.14 (including)4.1.14 (including)
SambaSamba4.1.15 (including)4.1.15 (including)
SambaSamba4.1.16 (including)4.1.16 (including)
SambaSamba4.1.17 (including)4.1.17 (including)
SambaSamba4.1.18 (including)4.1.18 (including)
SambaSamba4.1.19 (including)4.1.19 (including)
SambaSamba4.1.20 (including)4.1.20 (including)
SambaSamba4.1.21 (including)4.1.21 (including)
SambaSamba4.1.22 (including)4.1.22 (including)
SambaSamba4.1.23 (including)4.1.23 (including)
SambaSamba4.2.0-rc1 (including)4.2.0-rc1 (including)
SambaSamba4.2.0-rc2 (including)4.2.0-rc2 (including)
SambaSamba4.2.0-rc3 (including)4.2.0-rc3 (including)
SambaSamba4.2.0-rc4 (including)4.2.0-rc4 (including)
SambaSamba4.2.1 (including)4.2.1 (including)
SambaSamba4.2.2 (including)4.2.2 (including)
SambaSamba4.2.3 (including)4.2.3 (including)
SambaSamba4.2.4 (including)4.2.4 (including)
SambaSamba4.2.5 (including)4.2.5 (including)
SambaSamba4.2.6 (including)4.2.6 (including)
SambaSamba4.2.7 (including)4.2.7 (including)
SambaSamba4.2.8 (including)4.2.8 (including)
SambaSamba4.2.9 (including)4.2.9 (including)
SambaSamba4.3.0 (including)4.3.0 (including)
SambaSamba4.3.1 (including)4.3.1 (including)
SambaSamba4.3.2 (including)4.3.2 (including)
SambaSamba4.3.3 (including)4.3.3 (including)
SambaSamba4.3.4 (including)4.3.4 (including)
SambaSamba4.3.5 (including)4.3.5 (including)
SambaSamba4.3.6 (including)4.3.6 (including)
SambaSamba4.4.0 (including)4.4.0 (including)
Red Hat Enterprise Linux 6RedHatipa-0:3.0.0-47.el6_7.2*
Red Hat Enterprise Linux 6RedHatlibldb-0:1.1.25-2.el6_7*
Red Hat Enterprise Linux 6RedHatlibtalloc-0:2.1.5-1.el6_7*
Red Hat Enterprise Linux 6RedHatlibtdb-0:1.3.8-1.el6_7*
Red Hat Enterprise Linux 6RedHatlibtevent-0:0.9.26-2.el6_7*
Red Hat Enterprise Linux 6RedHatopenchange-0:1.0-7.el6_7*
Red Hat Enterprise Linux 6RedHatsamba4-0:4.2.10-6.el6_7*
Red Hat Enterprise Linux 6.2 Advanced Update SupportRedHatevolution-mapi-0:0.28.3-8.el6_2*
Red Hat Enterprise Linux 6.2 Advanced Update SupportRedHatlibldb-0:1.1.25-2.el6_2*
Red Hat Enterprise Linux 6.2 Advanced Update SupportRedHatopenchange-0:1.0-1.el6_2*
Red Hat Enterprise Linux 6.2 Advanced Update SupportRedHatsamba4-0:4.2.10-6.el6_2*
Red Hat Enterprise Linux 6.2 Advanced Update SupportRedHatsssd-0:1.5.1-66.el6_2.5*
Red Hat Enterprise Linux 6.4 Advanced Update SupportRedHatipa-0:3.0.0-26.el6_4.5*
Red Hat Enterprise Linux 6.4 Advanced Update SupportRedHatlibldb-0:1.1.25-2.el6_4*
Red Hat Enterprise Linux 6.4 Advanced Update SupportRedHatopenchange-0:1.0-5.el6_4*
Red Hat Enterprise Linux 6.4 Advanced Update SupportRedHatsamba4-0:4.2.10-6.el6_4*
Red Hat Enterprise Linux 6.4 Advanced Update SupportRedHatsssd-0:1.9.2-82.12.el6_4*
Red Hat Enterprise Linux 6.5 Advanced Update SupportRedHatipa-0:3.0.0-37.el6_5.1*
Red Hat Enterprise Linux 6.5 Advanced Update SupportRedHatlibldb-0:1.1.25-2.el6_5*
Red Hat Enterprise Linux 6.5 Advanced Update SupportRedHatopenchange-0:1.0-7.el6_5*
Red Hat Enterprise Linux 6.5 Advanced Update SupportRedHatsamba4-0:4.2.10-6.el6_5*
Red Hat Enterprise Linux 6.5 Advanced Update SupportRedHatsssd-0:1.9.2-129.el6_5.7*
Red Hat Enterprise Linux 6.6 Extended Update SupportRedHatipa-0:3.0.0-42.el6_6.1*
Red Hat Enterprise Linux 6.6 Extended Update SupportRedHatlibldb-0:1.1.25-2.el6_6*
Red Hat Enterprise Linux 6.6 Extended Update SupportRedHatopenchange-0:1.0-7.el6_6*
Red Hat Enterprise Linux 6.6 Extended Update SupportRedHatsamba4-0:4.2.10-6.el6_6*
Red Hat Enterprise Linux 7RedHatipa-0:4.2.0-15.el7_2.6.1*
Red Hat Enterprise Linux 7RedHatlibldb-0:1.1.25-1.el7_2*
Red Hat Enterprise Linux 7RedHatlibtalloc-0:2.1.5-1.el7_2*
Red Hat Enterprise Linux 7RedHatlibtdb-0:1.3.8-1.el7_2*
Red Hat Enterprise Linux 7RedHatlibtevent-0:0.9.26-1.el7_2*
Red Hat Enterprise Linux 7RedHatopenchange-0:2.0-10.el7_2*
Red Hat Enterprise Linux 7RedHatsamba-0:4.2.10-6.el7_2*
Red Hat Enterprise Linux 7.1 Extended Update SupportRedHatipa-0:4.1.0-18.ael7b_1.6*
Red Hat Enterprise Linux 7.1 Extended Update SupportRedHatlibldb-0:1.1.25-1.el7_1*
Red Hat Enterprise Linux 7.1 Extended Update SupportRedHatlibtalloc-0:2.1.5-1.ael7b_1*
Red Hat Enterprise Linux 7.1 Extended Update SupportRedHatlibtdb-0:1.3.8-1.ael7b_1*
Red Hat Enterprise Linux 7.1 Extended Update SupportRedHatlibtevent-0:0.9.26-1.el7_1*
Red Hat Enterprise Linux 7.1 Extended Update SupportRedHatopenchange-0:2.0-4.ael7b_1.1*
Red Hat Enterprise Linux 7.1 Extended Update SupportRedHatsamba-0:4.2.10-5.el7_1*
Red Hat Gluster Storage 3.1 for RHEL 6RedHatlibldb-0:1.1.24-1.el6rhs*
Red Hat Gluster Storage 3.1 for RHEL 6RedHatlibtalloc-0:2.1.5-1.el6rhs*
Red Hat Gluster Storage 3.1 for RHEL 6RedHatlibtdb-0:1.3.8-1.el6rhs*
Red Hat Gluster Storage 3.1 for RHEL 6RedHatlibtevent-0:0.9.26-1.el6rhs*
Red Hat Gluster Storage 3.1 for RHEL 6RedHatsamba-0:4.2.11-2.el6rhs*
Red Hat Gluster Storage 3.1 for RHEL 7RedHatlibldb-0:1.1.24-1.el7rhgs*
Red Hat Gluster Storage 3.1 for RHEL 7RedHatlibtalloc-0:2.1.5-1.el7rhgs*
Red Hat Gluster Storage 3.1 for RHEL 7RedHatlibtdb-0:1.3.8-1.el7rhgs*
Red Hat Gluster Storage 3.1 for RHEL 7RedHatlibtevent-0:0.9.26-1.el7rhgs*
Red Hat Gluster Storage 3.1 for RHEL 7RedHatsamba-0:4.2.11-2.el7rhgs*
SambaUbuntudevel*
SambaUbuntuesm-infra-legacy/trusty*
SambaUbuntuesm-infra/xenial*
SambaUbuntutrusty*
SambaUbuntutrusty/esm*
SambaUbuntuupstream*
SambaUbuntuwily*
SambaUbuntuxenial*
SambaUbuntuyakkety*
SambaUbuntuzesty*
Samba4Ubuntuprecise*

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use