The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel’s endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.

CVE-2016-2113

Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.

CVE-2016-2114

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the “server signing = mandatory” setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.
Impact
There is no impact; F5 products are not affected by this vulnerability.

CPENameOperatorVersion
big-iq centralized managementeq4.6.0
big-ip afmeq11.3.0
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.10
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.5.4

Name	Operator	Version
big-iq centralized management	eq	4.6.0
big-ip afm	eq	11.3.0
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.10
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.5.4

Rows per page:

1-10 of 2921

f5 1

samba 5

prion 4

cvelist 4

debiancve 3

cve 4

nvd 4

ubuntucve 3

osv 3

openvas 49

debian 2

nessus 52

ubuntu 5

ibm 9

altlinux 5

redhat 11

archlinux 1

fedora 3

freebsd 1

centos 4

amazon 1

slackware 1

oraclelinux 4

cloudfoundry 1

veracode 3

packetstorm 1

checkpoint_advisories 1

symantec 2

suse 9

kitploit 1

gentoo 1

mageia 1

SOL79401162 - Samba vulnerabilities CVE-2016-2111, CVE-2016-2113, and CVE-2016-2114

2016-05-10 00:00:00

samba

NETLOGON Spoofing Vulnerability.

2016-04-12 00:00:00

"server signing = mandatory" not enforced

2016-04-12 00:00:00

Missing TLS certificate validation allows man in the middle attacks

2016-04-12 00:00:00

prion

Design/Logic Flaw

2016-04-25 00:59:00

Design/Logic Flaw

2016-04-25 00:59:00

Information disclosure

2016-04-25 00:59:00

cvelist

CVE-2016-2111

2016-04-25 00:00:00

CVE-2016-2114

2016-04-25 00:00:00

CVE-2016-2113

2016-04-25 00:00:00

debiancve

CVE-2016-2111

2016-04-25 00:59:02

CVE-2016-2113

2016-04-25 00:59:03

CVE-2016-2114

2016-04-25 00:59:05

cve

CVE-2016-2111

2016-04-25 00:59:02

CVE-2016-2114

2016-04-25 00:59:05

CVE-2016-2113

2016-04-25 00:59:03

nvd

CVE-2016-2111

2016-04-25 00:59:02

CVE-2016-2114

2016-04-25 00:59:05

CVE-2016-2113

2016-04-25 00:59:03

ubuntucve

CVE-2016-2111

2016-04-12 00:00:00

CVE-2016-2114

2016-04-12 00:00:00

CVE-2016-2113

2016-04-12 00:00:00

osv

samba - regression update

2016-04-13 00:00:00

samba - regression update

2016-04-13 00:00:00

samba - security update

2016-04-13 00:00:00

openvas

Debian: Security Advisory (DSA-3548-1)

2016-04-12 00:00:00

Debian Security Advisory DSA 3548-1 (samba - security update)

2016-04-13 00:00:00

CentOS Update for ipa-admintools CESA-2016:0612 centos6

2016-04-14 00:00:00

debian

[SECURITY] [DSA 3548-1] samba security update

2016-04-13 20:42:03

[SECURITY] [DSA 3548-1] samba security update

2016-04-13 20:42:03

nessus

Debian DSA-3548-1 : samba - security update (Badlock)

2016-04-14 00:00:00

Samba < 4.4.2, 4.3.8, 4.2.11, 3.6.26 Multiple Vulnerabilities

2016-09-08 00:00:00

Samba 4.2.x < 4.2.11 / 4.3.x < 4.3.8 / 4.4.x < 4.4.2 Multiple MitM

2016-12-09 00:00:00

ubuntu

Samba regression

2016-05-25 00:00:00

Samba regressions

2016-05-18 00:00:00

Samba regressions

2016-05-04 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in Samba – including Badlock - affect IBM Spectrum Scale SMB protocol access method

2018-08-01 20:57:52

Security Bulletin: Multiple vulnerabilities in Samba - including Badlock - Transformation Extender Hypervisor Edition

2018-06-16 20:00:24

Security Bulletin: Multiple vulnerabilities in Samba affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

2018-06-17 22:33:01

altlinux

Security fix for the ALT Linux 8 package samba-DC version 4.4.2-alt1

2016-04-12 00:00:00

Security fix for the ALT Linux 7 package samba-DC version 4.4.2-alt1

2016-04-12 00:00:00

Security fix for the ALT Linux 7 package samba version 4.4.2-alt1

2016-04-12 00:00:00

redhat

(RHSA-2016:0620) Critical: samba4 security, bug fix, and enhancement update

2016-04-12 00:00:00

(RHSA-2016:0614) Critical: samba security, bug fix, and enhancement update

2016-04-12 21:09:54

(RHSA-2016:0618) Critical: samba security, bug fix, and enhancement update

2016-04-12 19:07:21

archlinux

samba: multiple issues

2016-04-23 00:00:00

fedora

[SECURITY] Fedora 23 Update: samba-4.3.8-0.fc23

2016-04-13 20:24:23

[SECURITY] Fedora 24 Update: samba-4.4.2-1.fc24

2016-04-15 03:20:46

[SECURITY] Fedora 22 Update: samba-4.2.11-0.fc22

2016-04-14 04:23:49

freebsd

samba -- multiple vulnerabilities

2016-04-12 00:00:00

centos

ctdb, ipa, ldb, libldb, libsmbclient, libtalloc, libtdb, libtevent, libwbclient, openchange, pyldb, pytalloc, python, samba, samba4, tdb security update

2016-04-13 00:13:42

libsmbclient, samba security update

2016-04-13 00:30:21

libsmbclient, samba security update

2016-04-13 00:14:40

amazon

Critical: samba

2016-04-13 11:45:00

slackware

[slackware-security] samba

2016-04-15 20:48:27

oraclelinux

samba and samba4 security, bug fix, and enhancement update

2016-04-12 00:00:00

samba security update

2016-04-12 00:00:00

samba security update

2016-04-12 00:00:00

cloudfoundry

Samba and Windows Vulnerabilities | Cloud Foundry

2016-04-14 00:00:00

veracode

Man-In-The-Middle (MitM)

2019-05-02 05:28:43

Man-In-The-Middle (MitM)

2019-05-02 05:28:43

Sensitive Information Disclosure

2019-05-02 05:28:41

packetstorm

Windows Pass-Through Authentication Methods Improper Validation

2015-03-11 00:00:00

checkpoint_advisories

Microsoft Windows Netlogon Spoofing (MS15-027; CVE-2015-0005)

2015-03-10 00:00:00

symantec

Microsoft Windows 'Netlogon' RPC CVE-2015-0005 Spoofing Vulnerability

2015-03-10 00:00:00

SA122 : SMB Vulnerabilities in Windows and Samba (Badlock)

2016-04-15 08:00:00

suse

Security update for samba (important)

2016-04-13 00:08:02

Security update for samba (important)

2016-04-13 00:13:24

Security update for samba (important)

2016-04-13 00:11:56

kitploit

Impacket - Collection Of Python Classes For Working With Network Protocols

2018-06-19 13:30:00

gentoo

Samba: Multiple vulnerabilities

2016-12-24 00:00:00

mageia

Updated samba packages fix security vulnerabilities

2016-04-26 21:02:43

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

Related for F5:K79401162