vulnerability
Samba CVE-2016-2111: NETLOGON Spoofing Vulnerability.
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:A/AC:M/Au:N/C:P/I:P/A:N) | Apr 12, 2016 | Apr 12, 2016 | Mar 27, 2026 |
Severity
4
CVSS
(AV:A/AC:M/Au:N/C:P/I:P/A:N)
Published
Apr 12, 2016
Added
Apr 12, 2016
Modified
Mar 27, 2026
Description
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
Solutions
samba-upgrade-4_2_11samba-upgrade-4_3_8samba-upgrade-4_4_2
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.