CVE-2016-2118

Priority
Description
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x
before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC
connections, which allows man-in-the-middle attackers to perform
protocol-downgrade attacks and impersonate users by modifying the
client-server data stream, aka "BADLOCK."
Notes
 mdeslaur> This is known as Badlock
Assigned-to
mdeslaur
Package
Source: samba (LP Ubuntu Debian)
Upstream: released (4.4.2, 4.3.8, 4.2.11)
Ubuntu 12.04 ESM (Precise Pangolin): released (2:3.6.25-0ubuntu0.12.04.2)
Ubuntu 14.04 LTS (Trusty Tahr): released (2:4.3.8+dfsg-0ubuntu0.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus): released (2:4.3.8+dfsg-0ubuntu1)
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Updated: 2018-10-31 21:22:46 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)