CVE-2016-2115

CVSS: 5.9 (Medium)
EPSS: 0.10 (p95)
Published: 2016-01-01
Updated: 2016-01-01
Description

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.

Tags · CWE
Pre-auth
CWE-254, CWE-300
CAPEC-57, CAPEC-94, CAPEC-466, CAPEC-589, CAPEC-590, CAPEC-612, CAPEC-613, CAPEC-615, CAPEC-662
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Timeline
Published: 2016-01-01
Updated: 2016-01-01
CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): None (N)
Integrity Impact (I): High (H)
Availability Impact (A): None (N)
Exploit indicators
EPSS: 0.103 · p95
Known exploited (KEV): No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-57 · CWE-300
└ via CAPEC-662 · CWE-300
└ via CAPEC-94 · CWE-300
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product | Vendor | Status
evolution-mapi | | Tracked
ipa | | Tracked
ipa | | Tracked
ipa | | Tracked
ipa | | Tracked
ipa | | Tracked
ipa | | Tracked
libldb | | Tracked
libldb | | Tracked
libldb | | Tracked
libldb | | Tracked
libldb | | Tracked
libldb | | Tracked
libldb | | Tracked
libldb | | Tracked
libldb | | Tracked
libtalloc | | Tracked
libtalloc | | Tracked
libtalloc | | Tracked
libtalloc | | Tracked
Showing first 20 of 66
Source databases: DEB, CVE, RED, UBU