Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2016-2112

Disclosure Date: April 25, 2016 •

CVE-2016-2112 CVSS v3 Base Score: 5.9

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the “client ldap sasl wrapping” setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.9 Medium

Impact Score:

3.6

Exploitability Score:

2.2

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

High

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

High

Availability (A):

None

References

Canonical

CVE-2016-2112 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112)

Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html

http://rhn.redhat.com/errata/RHSA-2016-0612.html

USN-2950-1 (http://www.ubuntu.com/usn/USN-2950-1)

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html

http://rhn.redhat.com/errata/RHSA-2016-0613.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

USN-2950-5 (http://www.ubuntu.com/usn/USN-2950-5)

https://www.samba.org/samba/history/samba-4.2.10.html

FEDORA-2016-be53260726 (http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html)

http://rhn.redhat.com/errata/RHSA-2016-0624.html

http://rhn.redhat.com/errata/RHSA-2016-0618.html

https://www.samba.org/samba/security/CVE-2016-2112.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html

https://www.samba.org/samba/latest_news.html#4.4.2

SECTRACK-1035533 (http://www.securitytracker.com/id/1035533)

FEDORA-2016-48b3761baa (http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html)

http://rhn.redhat.com/errata/RHSA-2016-0614.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html

http://rhn.redhat.com/errata/RHSA-2016-0620.html

http://rhn.redhat.com/errata/RHSA-2016-0611.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

https://bto.bluecoat.com/security-advisory/sa122

USN-2950-3 (http://www.ubuntu.com/usn/USN-2950-3)

FEDORA-2016-383fce04e2 (http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html)

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

http://rhn.redhat.com/errata/RHSA-2016-0619.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821

GLSA-201612-47 (https://security.gentoo.org/glsa/201612-47)

DSA-3548 (http://www.debian.org/security/2016/dsa-3548)

USN-2950-2 (http://www.ubuntu.com/usn/USN-2950-2)

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399

USN-2950-4 (http://www.ubuntu.com/usn/USN-2950-4)

Miscellaneous

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012

http://badlock.org

Rapid7

Technical Analysis