vulnerability

Debian: CVE-2016-2112: samba -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Apr 13, 2016

Added

Apr 14, 2016

Modified

Mar 30, 2026

Description

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

Solution

debian-upgrade-samba

References

CVE-2016-2112
https://attackerkb.com/topics/CVE-2016-2112
DEBIAN-DSA-3548
EUVD-EUVD-2016-3215
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-3215

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report