CVE-2016-2118 in Ubuntu

CVE-2016-2118

Priority

Medium

Description

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x
before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC
connections, which allows man-in-the-middle attackers to perform
protocol-downgrade attacks and impersonate users by modifying the
client-server data stream, aka "BADLOCK."

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118
https://www.samba.org/samba/security/CVE-2016-2118.html
http://badlock.org/
https://usn.ubuntu.com/usn/usn-2950-1

Notes

mdeslaur> This is known as Badlock

Assigned-to

mdeslaur

Package

Source: samba4 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE

Package

Source: samba (LP Ubuntu Debian)

Upstream:	released (4.4.2,4.3.8,4.2.11)
Ubuntu 12.04 ESM (Precise Pangolin):	released (2:3.6.25-0ubuntu0.12.04.2)
Ubuntu 14.04 LTS (Trusty Tahr):	released (2:4.3.8+dfsg-0ubuntu0.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):	released (2:4.3.8+dfsg-0ubuntu1)
Ubuntu 17.04 (Zesty Zapus):	released (2:4.3.8+dfsg-0ubuntu1)
Ubuntu 17.10 (Artful Aardvark):	released (2:4.3.8+dfsg-0ubuntu1)

More Information

Updated: 2017-12-15 20:34:56 UTC (commit 13913)