vulnerability

Debian: CVE-2016-2125: samba -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:A/AC:L/Au:N/C:P/I:N/A:N)	Dec 19, 2016	Dec 20, 2016	Mar 30, 2026

Severity

CVSS

(AV:A/AC:L/Au:N/C:P/I:N/A:N)

Published

Dec 19, 2016

Added

Dec 20, 2016

Modified

Mar 30, 2026

Description

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

Solution

debian-upgrade-samba

References

CVE-2016-2125
https://attackerkb.com/topics/CVE-2016-2125
CWE-20
CWE-287
DEBIAN-DLA-776-1
DEBIAN-DSA-3740
DISA_SEVERITY-Category I
EUVD-EUVD-2016-3228
IAVM-2016-A-0353
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-3228

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report