CVE-2016-2124

Опубликовано: 18 фев. 2022

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=2019660
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html
https://security.gentoo.org/glsa/202309-06
https://www.samba.org/samba/security/CVE-2016-2124.html
Mitigation
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2019660
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html
https://security.gentoo.org/glsa/202309-06
https://www.samba.org/samba/security/CVE-2016-2124.html
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 4.13.14 (исключая)

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Версия от 4.14.0 (включая) до 4.14.10 (исключая)

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Версия от 4.15.0 (включая) до 4.15.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*

cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:gluster_storage:3.5:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:16.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:16.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00571

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2016-2124

CVSS3: 5.9

ubuntu

больше 3 лет назад

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

CVE-2016-2124

CVSS3: 6.8

redhat

больше 3 лет назад

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

CVE-2016-2124

CVSS3: 5.9

msrc

8 месяцев назад

Описание отсутствует

CVE-2016-2124

CVSS3: 5.9

debian

больше 3 лет назад

A flaw was found in the way samba implemented SMB1 authentication. An ...

GHSA-p5c7-5xj7-x9vv

CVSS3: 5.9

github

больше 3 лет назад

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

EPSS

Процентиль: 68%

0.00571

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-287