vulnerability

Samba CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms

Severity
3
CVSS
(AV:A/AC:L/Au:N/C:P/I:N/A:N)
Published
Dec 20, 2016
Added
Dec 20, 2016
Modified
Nov 27, 2024

Description

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

Solution(s)

samba-upgrade-4_3_13samba-upgrade-4_4_8samba-upgrade-4_5_3
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.