Описание
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2:4.3.8+dfsg-0ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 2:4.3.8+dfsg-0ubuntu0.14.04.2 |
| esm-infra/xenial | not-affected | 2:4.3.8+dfsg-0ubuntu1 |
| precise | released | 2:3.6.25-0ubuntu0.12.04.2 |
| precise/esm | not-affected | 2:3.6.25-0ubuntu0.12.04.2 |
| trusty | released | 2:4.3.8+dfsg-0ubuntu0.14.04.2 |
| trusty/esm | not-affected | 2:4.3.8+dfsg-0ubuntu0.14.04.2 |
| upstream | released | 4.4.2,4.3.8,4.2.11 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | DNE |
Показывать по
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4. ...
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
Уязвимость библиотеки LDAP пакета программ сетевого взаимодействия Samba, связанная с недостатках элементов безопасности, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3