vulnerability
Samba CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
3 | (AV:A/AC:L/Au:N/C:P/I:N/A:N) | Dec 20, 2016 | Dec 20, 2016 | Nov 27, 2024 |
Severity
3
CVSS
(AV:A/AC:L/Au:N/C:P/I:N/A:N)
Published
Dec 20, 2016
Added
Dec 20, 2016
Modified
Nov 27, 2024
Description
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
Solution(s)
samba-upgrade-4_3_13samba-upgrade-4_4_8samba-upgrade-4_5_3

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.