Описание
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | samba | Not affected | ||
| Red Hat Enterprise Linux 6 | samba | Not affected | ||
| Red Hat Enterprise Linux 6 | samba4 | Fixed | RHSA-2016:1487 | 26.07.2016 |
| Red Hat Enterprise Linux 7 | samba | Fixed | RHSA-2016:1486 | 26.07.2016 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | samba | Fixed | RHSA-2016:1494 | 26.07.2016 |
| Red Hat Gluster Storage 3.1 for RHEL 7 | samba | Fixed | RHSA-2016:1494 | 26.07.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
5.4 Medium
CVSS2
Связанные уязвимости
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3 ...
EPSS
7.5 High
CVSS3
5.4 Medium
CVSS2