The version of Samba on the remote host is 4.3.x prior to 4.3.7 and is affected by the following vulnerabilities :

 - A flaw exists in the DCE-RPC client when handling specially crafted DCE-RPC packets. A man-in-the-middle (MitM) attacker can exploit this to downgrade the connection security, cause a denial of service through resource exhaustion, or potentially execute arbitrary code. (CVE-2015-5370)
 - A flaw exists in the implementation of NTLMSSP authentication. A MitM attacker can exploit this to clear the NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL settings, take over the connections, cause traffic to be sent unencrypted, or have other unspecified impact. (CVE-2016-2110)
 - A flaw exists in NETLOGON due to a failure to properly establish a secure channel connection. A MitM attacker can exploit this to spoof the computer names of a secure channel's endpoints, potentially gaining session information. (CVE-2016-2111)
 - A flaw exists in the integrity protection mechanisms that allows a MitM attacker to downgrade a secure LDAP connection to an insecure version. (CVE-2016-2112)
 - A flaw exists due to improper validation of TLS certificates for the LDAP and HTTP protocols. A MitM attacker can exploit this, via a crafted certificate, to spoof a server, resulting in the disclosure or manipulation of the transmitted traffic. (CVE-2016-2113)
 - A flaw exists due to a failure to enforce the 'server signing = mandatory' option in smb.conf for clients using the SMB1 protocol. A MitM attacker can exploit this to conduct spoofing attacks. (CVE-2016-2114)
 - A flaw exists due to a failure to perform integrity checking for SMB client connections. A MitM attacker can exploit this to conduct spoofing attacks since the protection mechanisms for DCERPC communication sessions are inherited from the underlying SMB connection. (CVE-2016-2115)
  - A flaw, known as Badlock, exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A MitM attacker who is able to able to intercept the traffic between a client and a server hosting a SAM database can exploit this flaw to force a downgrade of the authentication level, which allows the execution of arbitrary Samba network calls in the context of the intercepted user, such as viewing or modifying sensitive security data in the Active Directory (AD) database or disabling critical services. (CVE-2016-2118)

According to its banner, the version of Samba running on the remote host is 4.2.x prior to 4.2.11, 4.3.x prior to 4.3.8, or 4.4.x prior to 4.4.2. Therefore, it is affected by the following vulnerabilities :

 - A flaw exists in the DCE-RPC client that is triggered during the handling of specially crafted DCE-RPC packets. This may allow a remote attacker to conduct a MitM attack, downgrade a secure connection to an insecure one, cause a consumption of CPU resources, or potentially execute arbitrary code. (CVE-2015-5370)
 - A flaw exists in the implementation of NTLMSSP authentication that may allow a MitM attacker to conduct multiple attacks. This may allow the attacker to clear 'NTLMSSP_NEGOTIATE_SIGN' and 'NTLMSSP_NEGOTIATE_SEAL', take over connections, cause traffic to be sent without encryption, or potentially have other impacts. (CVE-2016-2110)
 - A flaw exists in NETLOGON that is due to the program failing to properly establish a secure channel connection. This may allow a remote MitM attacker to spoof a secure channel's endpoints' computer name and potentially obtain session information. (CVE-2016-2111)
 - A flaw exists that is due to a lack of integrity protection mechanisms. This may allow a remote MitM attacker to downgrade a secure LDAP connection to an insecure version of the connection. (CVE-2016-2112)
 - A flaw exists as TLS certificates are not properly validated for the LDAP and HTTP protocols. By spoofing the server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2016-2113)
 - A flaw exists that is due to the program failing to enforce the 'server signing = mandatory' option in 'smb.conf' for clients using the SMB1 protocol. This may result in SMB signing not being properly required, potentially allowing a MitM attacker to conduct spoofing attacks. (CVE-2016-2114)
 - A flaw exists that is due to the program failing to perform integrity checks for SMB client connections. As the protection mechanisms for DCERPC communication sessions are inherited from the underlying SMB connection, this may allow a MitM attacker to conduct spoofing attacks. (CVE-2016-2115)

The version of Samba on the remote host is 4.2.x prior to 4.2.10 and is affected by the following vulnerabilities :

 - A flaw exists in the DCE-RPC client when handling specially crafted DCE-RPC packets. A man-in-the-middle (MitM) attacker can exploit this to downgrade the connection security, cause a denial of service through resource exhaustion, or potentially execute arbitrary code. (CVE-2015-5370)
 - A flaw exists in the implementation of NTLMSSP authentication. A MitM attacker can exploit this to clear the NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL settings, take over the connections, cause traffic to be sent unencrypted, or have other unspecified impact. (CVE-2016-2110)
 - A flaw exists in NETLOGON due to a failure to properly establish a secure channel connection. A MitM attacker can exploit this to spoof the computer names of a secure channel's endpoints, potentially gaining session information. (CVE-2016-2111)
 - A flaw exists in the integrity protection mechanisms that allows a MitM attacker to downgrade a secure LDAP connection to an insecure version. (CVE-2016-2112)
 - A flaw exists due to improper validation of TLS certificates for the LDAP and HTTP protocols. A MitM attacker can exploit this, via a crafted certificate, to spoof a server, resulting in the disclosure or manipulation of the transmitted traffic. (CVE-2016-2113)
 - A flaw exists due to a failure to enforce the 'server signing = mandatory' option in smb.conf for clients using the SMB1 protocol. A MitM attacker can exploit this to conduct spoofing attacks. (CVE-2016-2114)
 - A flaw exists due to a failure to perform integrity checking for SMB client connections. A MitM attacker can exploit this to conduct spoofing attacks since the protection mechanisms for DCERPC communication sessions are inherited from the underlying SMB connection. (CVE-2016-2115)
  - A flaw, known as Badlock, exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A MitM attacker who is able to able to intercept the traffic between a client and a server hosting a SAM database can exploit this flaw to force a downgrade of the authentication level, which allows the execution of arbitrary Samba network calls in the context of the intercepted user, such as viewing or modifying sensitive security data in the Active Directory (AD) database or disabling critical services. (CVE-2016-2118)

The version of Samba on the remote host is 4.4.x prior to 4.4.1 and is affected by the following vulnerabilities :

 - A flaw exists in the DCE-RPC client when handling specially crafted DCE-RPC packets. A man-in-the-middle (MitM) attacker can exploit this to downgrade the connection security, cause a denial of service through resource exhaustion, or potentially execute arbitrary code. (CVE-2015-5370)
 - A flaw exists in the implementation of NTLMSSP authentication. A MitM attacker can exploit this to clear the NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL settings, take over the connections, cause traffic to be sent unencrypted, or have other unspecified impact. (CVE-2016-2110)
 - A flaw exists in NETLOGON due to a failure to properly establish a secure channel connection. A MitM attacker can exploit this to spoof the computer names of a secure channel's endpoints, potentially gaining session information. (CVE-2016-2111)
 - A flaw exists in the integrity protection mechanisms that allows a MitM attacker to downgrade a secure LDAP connection to an insecure version. (CVE-2016-2112)
 - A flaw exists due to improper validation of TLS certificates for the LDAP and HTTP protocols. A MitM attacker can exploit this, via a crafted certificate, to spoof a server, resulting in the disclosure or manipulation of the transmitted traffic. (CVE-2016-2113)
 - A flaw exists due to a failure to enforce the 'server signing = mandatory' option in smb.conf for clients using the SMB1 protocol. A MitM attacker can exploit this to conduct spoofing attacks. (CVE-2016-2114)
 - A flaw exists due to a failure to perform integrity checking for SMB client connections. A MitM attacker can exploit this to conduct spoofing attacks since the protection mechanisms for DCERPC communication sessions are inherited from the underlying SMB connection. (CVE-2016-2115)
  - A flaw, known as Badlock, exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A MitM attacker who is able to able to intercept the traffic between a client and a server hosting a SAM database can exploit this flaw to force a downgrade of the authentication level, which allows the execution of arbitrary Samba network calls in the context of the intercepted user, such as viewing or modifying sensitive security data in the Active Directory (AD) database or disabling critical services. (CVE-2016-2118)

The specific version of Samba that the system is running is reportedly affected by the following vulnerabilities:

- Samba contains a flaw in the DCE-RPC client that is triggered during the handling of specially crafted DCE-RPC packets. This may allow a remote attacker to conduct a man-in-the-middle attack, downgrade a secure connection to an insecure one, cause a consumption of CPU resources, or potentially execute arbitrary code. (CVE-2015-5370)

- Samba contains a flaw in its implementation of NTLMSSP authentication that may allow a man-in-the-middle attacker to conduct multiple attacks. This may allow the attacker to  clear NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL, take over connections, cause traffic to be sent without encryption, or potentially have other impacts. (CVE-2016-2110)

- Samba contains a flaw in NETLOGON that is due to the program failing to properly establish a secure channel connection. This may allow a remote man-in-the-middle attacker to spoof a secure channel's endpoints' computer name and potentially obtain session information. (CVE-2016-2111)

- Samba contains a flaw that is due to a lack of integrity protection mechanisms. This may allow a remote man-in-the-middle attacker to downgrade a secure LDAP connection to an insecure version of the connection. (CVE-2016-2112)

- Samba contains a flaw as TLS certificates are not properly validated for the LDAP and HTTP protocols. By spoofing the server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2016-2113)

- Samba contains a flaw that is due to the program failing to enforce the 'server signing = mandatory' option in smb.conf for clients using the SMB1 protocol. This may result in SMB signing not being properly required, potentially allowing a man-in-the-middle attacker to conduct spoofing attacks. (CVE-2016-2114)

- Samba contains a flaw that is due to the program failing to perform integrity checks for SMB client connections. As the protection mechanisms for DCERPC communication sessions are inherited from the underlying SMB connection, this may allow a man-in-the-middle attacker to conduct spoofing attacks. (CVE-2016-2115)

Versions of Samba prior to 4.2.10 / 4.2.11, 4.3.7 / 4.3.8 and 4.4.1 / 4.4.2 are unpatched for the badlock vulnerability.

ID	名前	製品	ファミリー	公開日	更新日	深刻度
9232	Samba 4.3.x < 4.3.7 Multiple Vulnerabilities (Badlock)	Nessus Network Monitor	Samba	2016/4/12	2019/3/6	high
9822	Samba 4.2.x < 4.2.11 / 4.3.x < 4.3.8 / 4.4.x < 4.4.2 Multiple MitM	Nessus Network Monitor	Samba	2016/12/9	2019/3/6	medium
9231	Samba 4.2.x < 4.2.10 Multiple Vulnerabilities (Badlock)	Nessus Network Monitor	Samba	2016/4/12	2019/3/6	high
9233	Samba 4.4.x < 4.4.1 Multiple Vulnerabilities (Badlock)	Nessus Network Monitor	Samba	2016/4/12	2019/3/6	high
802024	Samba < 4.4.2, 4.3.8, 4.2.11, 3.6.26 Multiple Vulnerabilities	Log Correlation Engine	Samba	2016/9/8		critical
801967	Samba < 4.2.10/11, < 4.3.7/8, < 4.4.1/2 badlock Vulnerability	Log Correlation Engine	Samba	2016/2/12		high

検出

プラグインの検索

high

medium

high

high

critical

high