Описание
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | samba | Not affected | ||
| Red Hat Enterprise Linux 5 | samba | Not affected | ||
| Red Hat Enterprise Linux Extended Update Support 5.6 | samba | Not affected | ||
| Red Hat Enterprise Linux Extended Update Support 5.6 | samba3x | Affected | ||
| Red Hat Enterprise Linux Extended Update Support 5.9 | samba | Not affected | ||
| Red Hat Enterprise Linux 5 | samba3x | Fixed | RHSA-2016:0613 | 12.04.2016 |
| Red Hat Enterprise Linux 5.6 Long Life | samba3x | Fixed | RHSA-2016:0624 | 12.04.2016 |
| Red Hat Enterprise Linux 5.9 Long Life | samba3x | Fixed | RHSA-2016:0624 | 12.04.2016 |
| Red Hat Enterprise Linux 6 | samba | Fixed | RHSA-2016:0611 | 12.04.2016 |
| Red Hat Enterprise Linux 6 | ipa | Fixed | RHSA-2016:0612 | 13.04.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4. ...
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
Уязвимость библиотеки LDAP пакета программ сетевого взаимодействия Samba, связанная с недостатках элементов безопасности, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
5.8 Medium
CVSS2