Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.

CVE-2016-2118

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka “BADLOCK.”
Impact
This vulnerability may allow a remote attacker to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or execute arbitrary code on a client system.

CPENameOperatorVersion
big-iq centralized managementeq4.6.0
big-ip afmeq11.3.0
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.10
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.5.4

Name	Operator	Version
big-iq centralized management	eq	4.6.0
big-ip afm	eq	11.3.0
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.10
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.5.4

Rows per page:

1-10 of 2831

f5 1

nessus 52

cve 2

samba 3

nvd 2

debiancve 2

prion 2

cvelist 2

openvas 47

veracode 2

ubuntucve 2

rapid7community 1

fortinet 1

mageia 1

oraclelinux 5

redhat 11

centos 4

ibm 9

suse 8

cert 1

checkpoint_advisories 1

threatpost 1

ubuntu 5

altlinux 5

archlinux 1

fedora 3

freebsd 1

amazon 1

slackware 1

cloudfoundry 1

osv 3

debian 2

avleonov 1

symantec 1

gentoo 1

SOL37603172 - Samba vulnerabilities CVE-2015-5370 and CVE-2016-2118

2016-05-10 00:00:00

nessus

F5 Networks BIG-IP : Samba vulnerabilities (K37603172) (Badlock)

2016-05-12 00:00:00

Scientific Linux Security Update : samba on SL6.x i386/x86_64 (20160412) (Badlock)

2016-04-13 00:00:00

Samba Badlock Vulnerability

2016-04-13 00:00:00

cve

CVE-2015-5370

2016-04-25 00:59:00

CVE-2016-2118

2016-04-12 23:59:37

samba

Multiple errors in DCE-RPC code.

2016-04-12 00:00:00

SAMR and LSA man in the middle attacks possible

2016-04-12 00:00:00

SAMR and LSA man in the middle attacks possible

2016-04-12 00:00:00

nvd

CVE-2015-5370

2016-04-25 00:59:00

CVE-2016-2118

2016-04-12 23:59:37

debiancve

CVE-2015-5370

2016-04-25 00:59:00

CVE-2016-2118

2016-04-12 23:59:37

prion

Code injection

2016-04-25 00:59:00

Design/Logic Flaw

2016-04-12 23:59:00

cvelist

CVE-2015-5370

2016-04-25 00:00:00

CVE-2016-2118

2016-04-12 23:00:00

openvas

RedHat Update for samba RHSA-2016:0611-01

2016-04-13 00:00:00

CentOS Update for libsmbclient CESA-2016:0611 centos6

2016-04-14 00:00:00

Oracle: Security Advisory (ELSA-2016-0611)

2016-05-09 00:00:00

veracode

Denial Of Service (DoS)

2019-01-15 09:10:59

Man-In-The-Middle (MitM)

2019-05-02 05:28:42

ubuntucve

CVE-2015-5370

2016-04-12 00:00:00

CVE-2016-2118

2016-04-12 00:00:00

rapid7community

Metasploit, [REDACTED] Edition

2017-04-01 12:03:18

fortinet

SAM and LSAD remote protocols man in the middle vulnerability (Badlock)

2016-04-14 00:00:00

mageia

Updated samba packages fix security vulnerabilities

2016-04-26 21:02:43

oraclelinux

samba security update

2016-04-12 00:00:00

samba3x security update

2016-04-12 00:00:00

samba and samba4 security, bug fix, and enhancement update

2016-04-12 00:00:00

redhat

(RHSA-2016:0619) Critical: samba security update

2016-04-12 00:00:00

(RHSA-2016:0613) Critical: samba3x security update

2016-04-12 00:00:00

(RHSA-2016:0611) Critical: samba security update

2016-04-13 06:54:34

centos

libsmbclient, samba security update

2016-04-13 00:14:40

samba3x security update

2016-04-13 00:27:00

ctdb, ipa, ldb, libldb, libsmbclient, libtalloc, libtdb, libtevent, libwbclient, openchange, pyldb, pytalloc, python, samba, samba4, tdb security update

2016-04-13 00:13:42

ibm

Security Bulletin: Multiple vulnerabilities in Samba – including Badlock – affect ProtecTIER

2022-02-16 22:09:18

Security Bulletin: Multiple vulnerabilities in Samba – including Badlock - affect IBM Spectrum Scale SMB protocol access method

2018-08-01 20:57:52

Security Bulletin: Multiple vulnerabilities in Samba - including Badlock - Transformation Extender Hypervisor Edition

2018-06-16 20:00:24

suse

Security update for samba (important)

2016-04-13 00:08:02

Security update for samba (important)

2016-04-13 00:13:24

Security update for samba (important)

2016-04-13 00:11:56

cert

Microsoft Windows and Samba may allow spoofing of authenticated users ("Badlock")

2016-04-12 00:00:00

checkpoint_advisories

Microsoft Windows RPC Authentication Downgrade (MS16-047: CVE-2016-0128; CVE-2016-2118)

2016-04-03 00:00:00

threatpost

Badlock Windows, Samba Man-in-the-Middle Vulnerability

2016-04-12 14:30:14

ubuntu

Samba regression

2016-05-25 00:00:00

Samba regressions

2016-05-04 00:00:00

libsoup update

2016-05-04 00:00:00

altlinux

Security fix for the ALT Linux 8 package samba-DC version 4.4.2-alt1

2016-04-12 00:00:00

Security fix for the ALT Linux 7 package samba-DC version 4.4.2-alt1

2016-04-12 00:00:00

Security fix for the ALT Linux 7 package samba version 4.4.2-alt1

2016-04-12 00:00:00

archlinux

samba: multiple issues

2016-04-23 00:00:00

fedora

[SECURITY] Fedora 23 Update: samba-4.3.8-0.fc23

2016-04-13 20:24:23

[SECURITY] Fedora 22 Update: samba-4.2.11-0.fc22

2016-04-14 04:23:49

[SECURITY] Fedora 24 Update: samba-4.4.2-1.fc24

2016-04-15 03:20:46

freebsd

samba -- multiple vulnerabilities

2016-04-12 00:00:00

amazon

Critical: samba

2016-04-13 11:45:00

slackware

[slackware-security] samba

2016-04-15 20:48:27

cloudfoundry

Samba and Windows Vulnerabilities | Cloud Foundry

2016-04-14 00:00:00

osv

samba - regression update

2016-04-13 00:00:00

samba - regression update

2016-04-13 00:00:00

samba - security update

2016-04-13 00:00:00

debian

[SECURITY] [DSA 3548-1] samba security update

2016-04-13 20:42:03

[SECURITY] [DSA 3548-1] samba security update

2016-04-13 20:42:03

avleonov

Vulnerability Quadrants

2017-05-09 21:17:36

symantec

SA122 : SMB Vulnerabilities in Windows and Samba (Badlock)

2016-04-15 08:00:00

gentoo

Samba: Multiple vulnerabilities

2016-12-24 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.7 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.7%

JSON

Related for F5:K37603172