Vulnerability & Exploit Database

Results for: CVE-2015-5296

Ubuntu: (Multiple Advisories) (CVE-2015-5296): Samba regression Vulnerability

  • Severity: 4
  • Published: December 29, 2015

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.

Samba CVE-2015-5296: Numerous CVEs. Please see the announcements for details. Vulnerability

  • Severity: 4
  • Published: December 29, 2015

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.

Oracle Solaris 11: CVE-2015-5296: Vulnerability in Samba Vulnerability

  • Severity: 4
  • Published: December 29, 2015

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.

RHSA-2016:0011: samba security update Vulnerability

  • Severity: 5
  • Published: December 29, 2015

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this fl...

RHSA-2016:0010: samba4 security update Vulnerability

  • Severity: 5
  • Published: December 29, 2015

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. A remote attacker could exploit ...

RHSA-2016:0006: samba security update Vulnerability

  • Severity: 5
  • Published: December 29, 2015

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. A remote attacker could exploit ...

ELSA-2016-0011 Moderate: Oracle Linux samba security update Vulnerability

  • Severity: 5
  • Published: December 29, 2015

ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.

ELSA-2016-0010 Moderate: Oracle Linux samba4 security update Vulnerability

  • Severity: 5
  • Published: December 29, 2015

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.

ELSA-2016-0006 Moderate: Oracle Linux samba security update Vulnerability

  • Severity: 5
  • Published: December 29, 2015

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.

Gentoo Linux: CVE-2015-5296: Samba: Multiple vulnerabilities Vulnerability

  • Severity: 4
  • Published: December 29, 2015

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.