CVSS: 5.9EPSS: 0%CPEs: 75EXPL: 0CVE-2016-2114 – samba: Samba based active directory domain controller does not enforce smb signing
https://notcve.org/view.php?id=CVE-2016-2114
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream. La implementación del protocolo SMB1 en Samba 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no reconoce el ajuste "server signing = mandatory", lo que permite a atacantes man-in-the-middle suplantar servidores SMB modificando el flujo de datos cliente-servidor. It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. • http://badlock.org http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html http://rhn.redhat.com/errata/RHSA-2016-0612.html http://rhn.redhat.com/errata/RHSA-2016-06 • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 7.4EPSS: 0%CPEs: 75EXPL: 0CVE-2016-2113 – samba: Server certificates not validated at client side
https://notcve.org/view.php?id=CVE-2016-2113
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate. Samba 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no verifica certificados X.509 de servidores TLS, lo que permite a atacantes man-in-the-middle suplantar servidores LDAPS y HTTPS y obtener información sensible a través de un certificado manipulado. It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. • http://badlock.org http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html http://lists.opensuse.or • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 251EXPL: 0CVE-2016-2110 – samba: Man-in-the-middle attacks possible with NTLMSSP authentication
https://notcve.org/view.php?id=CVE-2016-2110
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. La implementación de autenticación NTLMSSP en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 permite a atacantes man-in-the-middle llevar a cabo ataques de degradación de protocolo modificando el flujo de datos cliente-servidor para eliminar indicadores de la capa de aplicación o ajustes de cifrado, según lo demostrado limpiando la opción NTLMSSP_NEGOTIATE_SEAL o NTLMSSP_NEGOTIATE_SIGN para interrumpir la seguridad LDAP. Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. • http://badlock.org http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html http://lists.opensuse.or • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.9EPSS: 0%CPEs: 251EXPL: 0CVE-2016-2112 – samba: Missing downgrade detection
https://notcve.org/view.php?id=CVE-2016-2112
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. El paquete de la librería cliente LDAP en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no reconoce el ajuste "client ldap sasl wrapping", lo que permite a atacantes man-in-the-middle llevar a cabo ataques de degradación de protocolo LDAP modificando el flujo de datos cliente-servidor. It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. • http://badlock.org http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html http://lists.opensuse.or • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.9EPSS: 0%CPEs: 251EXPL: 0CVE-2016-2115 – samba: Smb signing not required by default when smb client connection is used for ipc usage
https://notcve.org/view.php?id=CVE-2016-2115
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream. Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no requiere firmado SMB dentro de una sesión DCERPC sobre ncacn_np, lo que permite a atacantes man-in-the-middle suplantar clientes SMB modificando el flujo de datos cliente-servidor It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. • http://badlock.org http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html http://lists.opensuse.or • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •