[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

243238

 
 

909

 
 

192833

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2016-2112Date: (C)2016-04-28   (M)2023-12-22


The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.9CVSS Score : 4.3
Exploit Score: 2.2Exploit Score: 8.6
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: NONEAvailability: NONE
Integrity: HIGH 
Availability: NONE 
  
Reference:
SECTRACK-1035533
DSA-3548
FEDORA-2016-383fce04e2
FEDORA-2016-48b3761baa
FEDORA-2016-be53260726
GLSA-201612-47
RHSA-2016:0611
RHSA-2016:0612
RHSA-2016:0613
RHSA-2016:0614
RHSA-2016:0618
RHSA-2016:0619
RHSA-2016:0620
RHSA-2016:0624
SSA:2016-106-02
SUSE-SU-2016:1022
SUSE-SU-2016:1023
SUSE-SU-2016:1024
SUSE-SU-2016:1028
USN-2950-1
USN-2950-2
USN-2950-3
USN-2950-4
USN-2950-5
http://badlock.org/
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://bto.bluecoat.com/security-advisory/sa122
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
https://www.samba.org/samba/history/samba-4.2.10.html
https://www.samba.org/samba/latest_news.html#4.4.2
https://www.samba.org/samba/security/CVE-2016-2112.html
openSUSE-SU-2016:1025
openSUSE-SU-2016:1064
openSUSE-SU-2016:1106
openSUSE-SU-2016:1107

CPE    244
cpe:/a:samba:samba:4.1.13
cpe:/a:samba:samba:4.1.12
cpe:/a:samba:samba:4.1.11
cpe:/a:samba:samba:4.1.10
...
CWE    1
CWE-254
OVAL    41
oval:org.secpod.oval:def:400809
oval:org.secpod.oval:def:89045232
oval:org.secpod.oval:def:203890
oval:org.secpod.oval:def:203893
...

© SecPod Technologies