CVE-2016-2124

Published: 9 Nov 2021
Source: redhat
CVSS3: 6.8
EPSS: Low

Description

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

Mitigation

Ensure the following [global] smb.conf parameters are set to their default values as shown below:

    client lanman auth = no
    client NTLMv2 auth = yes
    client plaintext auth = no
    client min protocol = SMB2_02

Or use only the '-k' command line option, without the -U option, so that the Samba client authenticates with an existing krb5 credential cache (ccache) instead of sending a password over the wire.
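The following is an added example, not part of the Red Hat advisory or of Samba's own code: a stand-alone audit of the four [global] parameters listed above. It re-implements Samba's parameter-name normalisation (case-insensitive, whitespace ignored) and the dialect ordering from smb.conf(5) so it can run without Samba installed; the two sample configurations are constructed for the demonstration, and the function names (parse_global, audit_smb_conf) are the example's own.

```python
"""Audit the [global] section of an smb.conf for the four client-side SMB1
settings named in the CVE-2016-2124 mitigation.

Added example, not Samba's code: the parser mimics Samba's parameter-name
normalisation and the dialect order from smb.conf(5), but it is not testparm.
"""
import re

# Dialect names in ascending order as listed in smb.conf(5); everything below
# SMB2_02 is an SMB1 dialect (NT1 is the classic "NT LM 0.12" SMB1 dialect).
PROTOCOL_ORDER = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1",
                  "SMB2_02", "SMB2_10", "SMB2_22", "SMB2_24",
                  "SMB3_00", "SMB3_02", "SMB3_10", "SMB3_11"]
# smb.conf(5) accepts the bare family name as an alias for its newest dialect.
PROTOCOL_ALIASES = {"SMB2": "SMB2_10", "SMB3": "SMB3_11"}

# (display name, kind, required value), keyed by Samba's normalised name.
CHECKS = {
    "clientlanmanauth":    ("client lanman auth",    "bool",  False),
    "clientntlmv2auth":    ("client NTLMv2 auth",    "bool",  True),
    "clientplaintextauth": ("client plaintext auth", "bool",  False),
    "clientminprotocol":   ("client min protocol",   "proto", "SMB2_02"),
}


def parse_global(text):
    """Return the parameters of [global] as {normalised_name: raw_value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":            # smb.conf comment lines
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Samba ignores case and whitespace in parameter names.
        params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def as_bool(value):
    """Samba boolean syntax: yes/true/1 or no/false/0, case-insensitive."""
    v = value.strip().lower()
    if v in ("yes", "true", "1"):
        return True
    if v in ("no", "false", "0"):
        return False
    raise ValueError(f"not a Samba boolean: {value!r}")


def protocol_rank(value):
    """Position of a dialect name in PROTOCOL_ORDER (higher is newer)."""
    name = value.strip().upper()
    name = PROTOCOL_ALIASES.get(name, name)
    return PROTOCOL_ORDER.index(name)   # ValueError for an unknown dialect


def audit_smb_conf(text):
    """Map each checked parameter to (raw value or None, 'ok'|'weak'|'unset').

    'unset' means the compiled-in default applies; whether that default is
    safe depends on the Samba version, so confirm it with `testparm -sv`
    rather than treating it as a pass.
    """
    params = parse_global(text)
    report = {}
    for key, (label, kind, wanted) in CHECKS.items():
        raw = params.get(key)
        if raw is None:
            report[label] = (None, "unset")
            continue
        if kind == "bool":
            ok = as_bool(raw) == wanted
        else:
            ok = protocol_rank(raw) >= protocol_rank(wanted)
        report[label] = (raw, "ok" if ok else "weak")
    return report


# Constructed sample configurations (not taken from any real host).
WEAK_CONF = """
[global]
   workgroup = EXAMPLE
   ; SMB1 negotiation and downgradable client auth left enabled
   client min protocol = NT1
   client lanman auth = yes
   client plaintext auth = yes

[homes]
   browseable = no
"""

HARDENED_CONF = """
[global]
   workgroup = EXAMPLE
   client lanman auth = no
   client NTLMv2 auth = yes
   client plaintext auth = no
   client min protocol = SMB2_02
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"== {name} ==")
        for label, (value, verdict) in audit_smb_conf(conf).items():
            print(f"  {label:<24} {str(value):<10} {verdict}")
```

On a host with Samba installed, `testparm -sv` prints the effective value of every parameter, defaults included, and is the authoritative way to resolve an 'unset' verdict for the installed version.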

Affected packages

Platform                                        Package   State                  Advisory          Released
Red Hat Enterprise Linux 6                      samba     Out of support scope
Red Hat Enterprise Linux 6                      samba4    Out of support scope
Red Hat Enterprise Linux 9                      samba     Not affected
Red Hat Enterprise Linux 7                      samba     Fixed                  RHSA-2021:5192    16.12.2021
Red Hat Enterprise Linux 8                      samba     Fixed                  RHSA-2021:5082    13.12.2021
Red Hat Enterprise Linux 8.2 Extended Update Support  samba  Fixed             RHSA-2022:0074    11.01.2022
Red Hat Enterprise Linux 8.4 Extended Update Support  samba  Fixed             RHSA-2022:0008    04.01.2022
Red Hat Gluster Storage 3.5 for RHEL 7          samba     Fixed                  RHSA-2021:4844    29.11.2021
Red Hat Gluster Storage 3.5 for RHEL 8          samba     Fixed                  RHSA-2021:4843    29.11.2021


Additional information

Severity: Moderate
Weakness: CWE-287 (Improper Authentication)
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2019660 (samba: SMB1 client connections can be downgraded to plaintext authentication)

EPSS: 0.00571 (percentile 68%), Low
CVSS3: 6.8 Medium

Related vulnerabilities (the same CVE as tracked by other sources)

ubuntu, CVSS3: 5.9, more than 3 years ago: A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

nvd, CVSS3: 5.9, more than 3 years ago: same description as the ubuntu entry.

msrc, CVSS3: 5.9, 8 months ago: no description.

debian, CVSS3: 5.9, more than 3 years ago: A flaw was found in the way samba implemented SMB1 authentication. An ...

github, CVSS3: 5.9, more than 3 years ago: same description as the ubuntu entry.
