Описание
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2:4.3.8+dfsg-0ubuntu1 |
| esm-infra-legacy/trusty | released | 2:4.3.8+dfsg-0ubuntu0.14.04.2 |
| esm-infra/xenial | released | 2:4.3.8+dfsg-0ubuntu1 |
| precise | released | 2:3.6.25-0ubuntu0.12.04.2 |
| precise/esm | not-affected | 2:3.6.25-0ubuntu0.12.04.2 |
| trusty | released | 2:4.3.8+dfsg-0ubuntu0.14.04.2 |
| trusty/esm | released | 2:4.3.8+dfsg-0ubuntu0.14.04.2 |
| upstream | released | 4.4.2,4.3.8,4.2.11 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | DNE |
Показывать по
EPSS
4.3 Medium
CVSS2
6.3 Medium
CVSS3
Связанные уязвимости
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before ...
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
Уязвимость службы NETLOGON пакета программ сетевого взаимодействия Samba, связанная с недостатках элементов безопасности, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
EPSS
4.3 Medium
CVSS2
6.3 Medium
CVSS3