CVE Vulnerabilities

CVE-2016-2115

Published: Apr 25, 2016 | Modified: Dec 31, 2016
CVSS 3.x: 5.9 MEDIUM
Source: NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x: 4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2: 5.8 MODERATE
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V3
Ubuntu: MEDIUM

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.

Affected Software

Name | Vendor | Start Version | End Version
Ubuntu_linux | Canonical | 14.04 (including) | 14.04 (including)
Ubuntu_linux | Canonical | 15.10 (including) | 15.10 (including)
Ubuntu_linux | Canonical | 16.04 (including) | 16.04 (including)
Red Hat Enterprise Linux 5 | RedHat | samba3x-0:3.6.23-12.el5_11 | *
Red Hat Enterprise Linux 5.6 Long Life | RedHat | samba3x-0:3.6.23-12.el5_6 | *
Red Hat Enterprise Linux 5.9 Long Life | RedHat | samba3x-0:3.6.23-12.el5_9 | *
Red Hat Enterprise Linux 6 | RedHat | samba-0:3.6.23-30.el6_7 | *
Red Hat Enterprise Linux 6 | RedHat | ipa-0:3.0.0-47.el6_7.2 | *
Red Hat Enterprise Linux 6 | RedHat | libldb-0:1.1.25-2.el6_7 | *
Red Hat Enterprise Linux 6 | RedHat | libtalloc-0:2.1.5-1.el6_7 | *
Red Hat Enterprise Linux 6 | RedHat | libtdb-0:1.3.8-1.el6_7 | *
Red Hat Enterprise Linux 6 | RedHat | libtevent-0:0.9.26-2.el6_7 | *
Red Hat Enterprise Linux 6 | RedHat | openchange-0:1.0-7.el6_7 | *
Red Hat Enterprise Linux 6 | RedHat | samba4-0:4.2.10-6.el6_7 | *
Red Hat Enterprise Linux 6.2 Advanced Update Support | RedHat | samba-0:3.6.23-30.el6_2 | *
Red Hat Enterprise Linux 6.2 Advanced Update Support | RedHat | evolution-mapi-0:0.28.3-8.el6_2 | *
Red Hat Enterprise Linux 6.2 Advanced Update Support | RedHat | libldb-0:1.1.25-2.el6_2 | *
Red Hat Enterprise Linux 6.2 Advanced Update Support | RedHat | openchange-0:1.0-1.el6_2 | *
Red Hat Enterprise Linux 6.2 Advanced Update Support | RedHat | samba4-0:4.2.10-6.el6_2 | *
Red Hat Enterprise Linux 6.2 Advanced Update Support | RedHat | sssd-0:1.5.1-66.el6_2.5 | *
Red Hat Enterprise Linux 6.4 Advanced Update Support | RedHat | samba-0:3.6.23-30.el6_4 | *
Red Hat Enterprise Linux 6.4 Advanced Update Support | RedHat | ipa-0:3.0.0-26.el6_4.5 | *
Red Hat Enterprise Linux 6.4 Advanced Update Support | RedHat | libldb-0:1.1.25-2.el6_4 | *
Red Hat Enterprise Linux 6.4 Advanced Update Support | RedHat | openchange-0:1.0-5.el6_4 | *
Red Hat Enterprise Linux 6.4 Advanced Update Support | RedHat | samba4-0:4.2.10-6.el6_4 | *
Red Hat Enterprise Linux 6.4 Advanced Update Support | RedHat | sssd-0:1.9.2-82.12.el6_4 | *
Red Hat Enterprise Linux 6.5 Advanced Update Support | RedHat | samba-0:3.6.23-30.el6_5 | *
Red Hat Enterprise Linux 6.5 Advanced Update Support | RedHat | ipa-0:3.0.0-37.el6_5.1 | *
Red Hat Enterprise Linux 6.5 Advanced Update Support | RedHat | libldb-0:1.1.25-2.el6_5 | *
Red Hat Enterprise Linux 6.5 Advanced Update Support | RedHat | openchange-0:1.0-7.el6_5 | *
Red Hat Enterprise Linux 6.5 Advanced Update Support | RedHat | samba4-0:4.2.10-6.el6_5 | *
Red Hat Enterprise Linux 6.5 Advanced Update Support | RedHat | sssd-0:1.9.2-129.el6_5.7 | *
Red Hat Enterprise Linux 6.6 Extended Update Support | RedHat | samba-0:3.6.23-30.el6_6 | *
Red Hat Enterprise Linux 6.6 Extended Update Support | RedHat | ipa-0:3.0.0-42.el6_6.1 | *
Red Hat Enterprise Linux 6.6 Extended Update Support | RedHat | libldb-0:1.1.25-2.el6_6 | *
Red Hat Enterprise Linux 6.6 Extended Update Support | RedHat | openchange-0:1.0-7.el6_6 | *
Red Hat Enterprise Linux 6.6 Extended Update Support | RedHat | samba4-0:4.2.10-6.el6_6 | *
Red Hat Enterprise Linux 7 | RedHat | ipa-0:4.2.0-15.el7_2.6.1 | *
Red Hat Enterprise Linux 7 | RedHat | libldb-0:1.1.25-1.el7_2 | *
Red Hat Enterprise Linux 7 | RedHat | libtalloc-0:2.1.5-1.el7_2 | *
Red Hat Enterprise Linux 7 | RedHat | libtdb-0:1.3.8-1.el7_2 | *
Red Hat Enterprise Linux 7 | RedHat | libtevent-0:0.9.26-1.el7_2 | *
Red Hat Enterprise Linux 7 | RedHat | openchange-0:2.0-10.el7_2 | *
Red Hat Enterprise Linux 7 | RedHat | samba-0:4.2.10-6.el7_2 | *
Red Hat Enterprise Linux 7.1 Extended Update Support | RedHat | ipa-0:4.1.0-18.ael7b_1.6 | *
Red Hat Enterprise Linux 7.1 Extended Update Support | RedHat | libldb-0:1.1.25-1.ael7b_1 | *
Red Hat Enterprise Linux 7.1 Extended Update Support | RedHat | libtalloc-0:2.1.5-1.ael7b_1 | *
Red Hat Enterprise Linux 7.1 Extended Update Support | RedHat | libtdb-0:1.3.8-1.el7_1 | *
Red Hat Enterprise Linux 7.1 Extended Update Support | RedHat | libtevent-0:0.9.26-1.el7_1 | *
Red Hat Enterprise Linux 7.1 Extended Update Support | RedHat | openchange-0:2.0-4.ael7b_1.1 | *
Red Hat Enterprise Linux 7.1 Extended Update Support | RedHat | samba-0:4.2.10-5.ael7b_1 | *
Red Hat Gluster Storage 3.1 for RHEL 6 | RedHat | libldb-0:1.1.24-1.el6rhs | *
Red Hat Gluster Storage 3.1 for RHEL 6 | RedHat | libtalloc-0:2.1.5-1.el6rhs | *
Red Hat Gluster Storage 3.1 for RHEL 6 | RedHat | libtdb-0:1.3.8-1.el6rhs | *
Red Hat Gluster Storage 3.1 for RHEL 6 | RedHat | libtevent-0:0.9.26-1.el6rhs | *
Red Hat Gluster Storage 3.1 for RHEL 6 | RedHat | samba-0:4.2.11-2.el6rhs | *
Red Hat Gluster Storage 3.1 for RHEL 7 | RedHat | libldb-0:1.1.24-1.el7rhgs | *
Red Hat Gluster Storage 3.1 for RHEL 7 | RedHat | libtalloc-0:2.1.5-1.el7rhgs | *
Red Hat Gluster Storage 3.1 for RHEL 7 | RedHat | libtdb-0:1.3.8-1.el7rhgs | *
Red Hat Gluster Storage 3.1 for RHEL 7 | RedHat | libtevent-0:0.9.26-1.el7rhgs | *
Red Hat Gluster Storage 3.1 for RHEL 7 | RedHat | samba-0:4.2.11-2.el7rhgs | *
Samba | Ubuntu | devel | *
Samba | Ubuntu | precise | *
Samba | Ubuntu | trusty | *
Samba | Ubuntu | upstream | *
Samba | Ubuntu | wily | *
Samba | Ubuntu | xenial | *
Samba | Ubuntu | yakkety | *
Samba | Ubuntu | zesty | *
Samba4 | Ubuntu | precise | *

References