Home

CVE-2016-2119

Description

libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.403

Associated Vulnerability

VulnerabilityOS Platform
samba security update(DSA-3740-1) samba_4.2.14+dfsg-0+deb8u2_i386.debLinux
samba security update(DSA-3740-1) samba_4.2.14+dfsg-0+deb8u2_amd64.debLinux
Samba-test-devel update (ELSA-2016-1486) samba-test-devel-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update libsmbclient-4.2.10-7.el7_2.i686.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update libsmbclient-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update libsmbclient-devel-4.2.10-7.el7_2.i686.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update libsmbclient-devel-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update libwbclient-4.2.10-7.el7_2.i686.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update libwbclient-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update libwbclient-devel-4.2.10-7.el7_2.i686.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update libwbclient-devel-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-client-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-client-libs-4.2.10-7.el7_2.i686.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-client-libs-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-common-4.2.10-7.el7_2.noarch.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-common-libs-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-common-tools-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-dc-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-dc-libs-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-debuginfo-4.2.10-7.el7_2.i686.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-debuginfo-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-devel-4.2.10-7.el7_2.i686.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-devel-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-libs-4.2.10-7.el7_2.i686.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-libs-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-pidl-4.2.10-7.el7_2.noarch.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-python-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-test-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-test-devel-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-test-libs-4.2.10-7.el7_2.i686.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-test-libs-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-vfs-glusterfs-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-winbind-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-winbind-clients-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-winbind-krb5-locator-4.2.10-7.el7_2.x86_64.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-winbind-modules-4.2.10-7.el7_2.i686.rpmLinux
(RHSA-2016:1486)Moderate: security and bug fix update samba-winbind-modules-4.2.10-7.el7_2.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234