CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
91.8%
Samba team reports:
[CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service
(crashes and high cpu consumption) and man in the middle attacks.
[CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected.
A man in the middle is able to clear even required flags, especially
NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.
[CVE-2016-2111] When Samba is configured as Domain Controller it allows remote
attackers to spoof the computer name of a secure channelโs endpoints, and obtain
sensitive session information, by running a crafted application and leveraging
the ability to sniff network traffic.
[CVE-2016-2112] A man in the middle is able to downgrade LDAP connections
to no integrity protection.
[CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP
connections (with ldaps://) and ncacn_http connections (with https://).
[CVE-2016-2114] Due to a bug Samba doesnโt enforce required smb signing, even if explicitly configured.
[CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is
the default for most the file server related protocols) is inherited from the underlying SMB connection.
[CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic
between a client and a server in order to impersonate the client and get the same privileges
as the authenticated user account. This is most problematic against active directory domain controllers.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | samba36 | =ย 3.6.0 | UNKNOWN |
FreeBSD | any | noarch | samba36 | <=ย 3.6.25_3 | UNKNOWN |
FreeBSD | any | noarch | samba4 | =ย 4.0.0 | UNKNOWN |
FreeBSD | any | noarch | samba4 | <=ย 4.0.26 | UNKNOWN |
FreeBSD | any | noarch | samba41 | =ย 4.1.0 | UNKNOWN |
FreeBSD | any | noarch | samba41 | <=ย 4.1.23 | UNKNOWN |
FreeBSD | any | noarch | samba42 | =ย 4.2.0 | UNKNOWN |
FreeBSD | any | noarch | samba42 | <ย 4.2.11 | UNKNOWN |
FreeBSD | any | noarch | samba43 | =ย 4.3.0 | UNKNOWN |
FreeBSD | any | noarch | samba43 | <ย 4.3.8 | UNKNOWN |
www.samba.org/samba/security/CVE-2015-5370.html
www.samba.org/samba/security/CVE-2016-2110.html
www.samba.org/samba/security/CVE-2016-2111.html
www.samba.org/samba/security/CVE-2016-2112.html
www.samba.org/samba/security/CVE-2016-2113.html
www.samba.org/samba/security/CVE-2016-2114.html
www.samba.org/samba/security/CVE-2016-2115.html
www.samba.org/samba/security/CVE-2016-2118.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
91.8%