vulnerability
Ubuntu: USN-3092-1 (CVE-2016-2119): Samba vulnerability
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Jul 7, 2016 | Sep 28, 2016 | Apr 14, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Jul 7, 2016
Added
Sep 28, 2016
Modified
Apr 14, 2025
Description
Stefan Metzmacher discovered that Samba incorrectly handled certain flags
in SMB2/3 client connections. A remote attacker could use this issue to
disable client signing and impersonate servers by performing a
machine-in-the-middle attack.
Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
In addition to the security fix, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Solution
ubuntu-upgrade-samba

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.