Описание
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2:4.3.8+dfsg-0ubuntu1 |
| esm-infra-legacy/trusty | released | 2:4.3.8+dfsg-0ubuntu0.14.04.2 |
| esm-infra/xenial | released | 2:4.3.8+dfsg-0ubuntu1 |
| precise | released | 2:3.6.25-0ubuntu0.12.04.2 |
| precise/esm | not-affected | 2:3.6.25-0ubuntu0.12.04.2 |
| trusty | released | 2:4.3.8+dfsg-0ubuntu0.14.04.2 |
| trusty/esm | released | 2:4.3.8+dfsg-0ubuntu0.14.04.2 |
| upstream | released | 4.4.2,4.3.8,4.2.11 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | DNE |
Показывать по
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before ...
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
Уязвимость функции ncacn_np пакета программ сетевого взаимодействия Samba, связанная с недостатками элементов безопасности, позволяющая нарушителю оказать воздействие на целостность данных
4.3 Medium
CVSS2
5.9 Medium
CVSS3