HP-UX: CVE-2016-2110: HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | April 24, 2016 | August 11, 2017 | October 30, 2017 |
Description
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
hpux-update-cifs-development-cifs-prgRelated Vulnerabilities
- RHSA-2016:0621: samba security update
- RHSA-2016:0618: samba security, bug fix, and enhancement update
- Amazon Linux AMI: Security patch for samba (ALAS-2016-686) (multiple CVEs)
- Oracle Solaris 11: CVE-2016-2110: Vulnerability in Samba
- Alpine Linux: CVE-2016-2110: samba Multiple security issues
- Huawei EulerOS: CVE-2016-2110: samba security update
- RHSA-2016:0624: samba3x security update
- RHSA-2016:0623: samba security update
- RHSA-2016:0613: samba3x security update
- Samba CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
- RHSA-2016:0611: samba security update
- RHSA-2016:0625: samba security update
- RHSA-2016:0612: samba and samba4 security, bug fix, and enhancement update
- RHSA-2016:0619: samba security update
- RHSA-2016:0620: samba4 security, bug fix, and enhancement update
- FreeBSD: samba -- multiple vulnerabilities (Multiple CVEs)
- Debian: CVE-2016-2110: samba -- security update
- Gentoo Linux: CVE-2016-2110: Samba: Multiple vulnerabilities