vulnerability

Oracle Solaris 11: CVE-2016-2125: Vulnerability in SMB

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:A/AC:L/Au:N/C:P/I:N/A:N)	May 29, 2017	May 29, 2017	Feb 1, 2022

Severity

CVSS

(AV:A/AC:L/Au:N/C:P/I:N/A:N)

Published

May 29, 2017

Added

May 29, 2017

Modified

Feb 1, 2022

Description

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

Solutions

oracle-solaris-11-3-upgrade-library-samba-libsmbclient-4-4-8-0-175-3-17-0-3-0oracle-solaris-11-3-upgrade-service-network-samba-4-4-8-0-175-3-17-0-3-0

References

BID-94988
CVE-2016-2125
https://attackerkb.com/topics/CVE-2016-2125
DISA_SEVERITY-Category I
IAVM-2016-A-0353
REDHAT-RHSA-2017:0494
REDHAT-RHSA-2017:0495
REDHAT-RHSA-2017:0662
REDHAT-RHSA-2017:0744
REDHAT-RHSA-2017:1265
URL-https://support.oracle.com/epmos/faces/DocumentDisplay?id=1448883.1&displayIndex=1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today