Oracle Solaris 11: CVE-2016-2112: Vulnerability in Samba
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | April 24, 2016 | May 29, 2017 | October 30, 2017 |
Description
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
oracle-solaris-11-3-upgrade-library-samba-libsmbclient-4-4-5-0-175-3-14-0-1-0Related Vulnerabilities
- RHSA-2016:0621: samba security update
- RHSA-2016:0618: samba security, bug fix, and enhancement update
- Samba CVE-2016-2112: The LDAP client and server don't enforce integrity protection
- Amazon Linux AMI: Security patch for samba (ALAS-2016-686) (multiple CVEs)
- RHSA-2016:0624: samba3x security update
- RHSA-2016:0623: samba security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- RHSA-2016:0613: samba3x security update
- HP-UX: CVE-2016-2112: HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
- RHSA-2016:0611: samba security update
- Gentoo Linux: CVE-2016-2112: Samba: Multiple vulnerabilities
- RHSA-2016:0625: samba security update
- RHSA-2016:0612: samba and samba4 security, bug fix, and enhancement update
- RHSA-2016:0619: samba security update
- RHSA-2016:0620: samba4 security, bug fix, and enhancement update
- Huawei EulerOS: CVE-2016-2112: samba security update
- Alpine Linux: CVE-2016-2112: samba Multiple security issues
- FreeBSD: samba -- multiple vulnerabilities (Multiple CVEs)