Alpine Linux: CVE-2016-2113: samba Multiple security issues
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | April 24, 2016 | September 20, 2017 | October 30, 2017 |
Description
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
alpine-linux-upgrade-sambaRelated Vulnerabilities
- Oracle Solaris 11: CVE-2016-2113: Vulnerability in Samba
- RHSA-2016:0618: samba security, bug fix, and enhancement update
- Amazon Linux AMI: Security patch for samba (ALAS-2016-686) (multiple CVEs)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- Huawei EulerOS: CVE-2016-2113: samba security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
- RHSA-2016:0612: samba and samba4 security, bug fix, and enhancement update
- RHSA-2016:0620: samba4 security, bug fix, and enhancement update
- Gentoo Linux: CVE-2016-2113: Samba: Multiple vulnerabilities
- FreeBSD: samba -- multiple vulnerabilities (Multiple CVEs)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6
- Samba CVE-2016-2113: Missing TLS certificate validation allows man in the middle attacks