Detections
Analytics

CVE-2016-2112

medium

Description

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

References

https://www.samba.org/samba/security/CVE-2016-2112.html

https://www.samba.org/samba/latest_news.html#4.4.2

https://www.samba.org/samba/history/samba-4.2.10.html

https://security.gentoo.org/glsa/201612-47

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821

https://bto.bluecoat.com/security-advisory/sa122

http://www.ubuntu.com/usn/USN-2950-5

http://www.ubuntu.com/usn/USN-2950-4

http://www.ubuntu.com/usn/USN-2950-3

http://www.ubuntu.com/usn/USN-2950-2

http://www.ubuntu.com/usn/USN-2950-1

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012

http://www.securitytracker.com/id/1035533

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.debian.org/security/2016/dsa-3548

http://rhn.redhat.com/errata/RHSA-2016-0624.html

http://rhn.redhat.com/errata/RHSA-2016-0620.html

http://rhn.redhat.com/errata/RHSA-2016-0619.html

http://rhn.redhat.com/errata/RHSA-2016-0618.html

http://rhn.redhat.com/errata/RHSA-2016-0614.html

http://rhn.redhat.com/errata/RHSA-2016-0613.html

http://rhn.redhat.com/errata/RHSA-2016-0612.html

http://rhn.redhat.com/errata/RHSA-2016-0611.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html

http://badlock.org/

Details

Source: Mitre, NVD

Published: 2016-04-25

Updated: 2016-12-31

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: Medium