CVE-2016-2112
Published: 12 April 2016
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
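As an added illustration (not part of this tracker entry or of Samba), the following Python encodes the affected upstream ranges stated above and reads the "client ldap sasl wrapping" value from an smb.conf text, so an administrator can check both whether a host's Samba release honours the setting and whether the setting is actually configured. The sample configuration and the function names are constructed for this example; note that distribution packages may carry the fix as a backport under an older upstream number (as the precise package above does), so for Ubuntu packages the tracker's fixed package version is the authoritative comparison.

```python
import re

# Upstream fix releases named in the advisory: 4.4.2, 4.3.8 and 4.2.11.
FIXED_PATCH = {2: 11, 3: 8, 4: 2}

def parse_version(version):
    """Extract (major, minor, patch) from an upstream or Debian-style version
    string such as '4.3.8' or '2:4.3.8+dfsg-0ubuntu0.14.04.2' (epoch dropped)."""
    m = re.match(r"(?:\d+:)?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    return tuple(int(x) for x in m.groups())

def upstream_affected(version):
    """True if the upstream Samba version falls inside the affected ranges:
    all 3.x, 4.x before 4.2.11, 4.3.x before 4.3.8, 4.4.x before 4.4.2.
    Distribution backports are not accounted for here."""
    major, minor, patch = parse_version(version)
    if major == 3:
        return True
    if major != 4:
        return False  # releases outside 3.x/4.x are not listed in the advisory
    if minor < 2:
        return True   # 4.0.x and 4.1.x all precede 4.2.11
    if minor in FIXED_PATCH:
        return patch < FIXED_PATCH[minor]
    return False      # 4.5 and later shipped after the fix

def sasl_wrapping(smb_conf):
    """Return the 'client ldap sasl wrapping' value from the [global] section
    of an smb.conf text, or None when it is not set. Only a fixed release
    actually applies this value to its LDAP client traffic."""
    section = None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # smb.conf comments start the line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key.lower() == "client ldap sasl wrapping":
                return value.lower()
    return None

# Constructed sample configuration (not taken from a real host).
SAMPLE_SMB_CONF = """
[global]
   workgroup = EXAMPLE
   security = ADS
   client ldap sasl wrapping = seal
"""
```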
Priority
Status
Package | Release | Status
---|---|---
samba (Launchpad, Ubuntu, Debian) | precise | Released (2:3.6.25-0ubuntu0.12.04.2)
samba | trusty | Released (2:4.3.8+dfsg-0ubuntu0.14.04.2)
samba | upstream | Released (4.4.2, 4.3.8, 4.2.11)
samba | wily | Released (2:4.3.8+dfsg-0ubuntu0.15.10.2)
samba | xenial | Released (2:4.3.8+dfsg-0ubuntu1)
samba | yakkety | Released (2:4.3.8+dfsg-0ubuntu1)
samba | zesty | Released (2:4.3.8+dfsg-0ubuntu1)
samba4 (Launchpad, Ubuntu, Debian) | precise | Ignored (end of life)
samba4 | trusty | Does not exist
samba4 | upstream | Needs triage
samba4 | wily | Does not exist
samba4 | xenial | Does not exist
samba4 | yakkety | Does not exist
samba4 | zesty | Does not exist
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.9 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |