Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
1

CVE-2016-2115

Disclosure Date: April 25, 2016
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.9 Medium
Impact Score:
3.6
Exploitability Score:
2.2
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
High
Availability (A):
None

General Information

Vendors

  • canonical,
  • samba

Products

  • samba 3.0.0,
  • samba 3.0.1,
  • samba 3.0.10,
  • samba 3.0.11,
  • samba 3.0.12,
  • samba 3.0.13,
  • samba 3.0.14,
  • samba 3.0.14a,
  • samba 3.0.15,
  • samba 3.0.16,
  • samba 3.0.17,
  • samba 3.0.18,
  • samba 3.0.19,
  • samba 3.0.2,
  • samba 3.0.20,
  • samba 3.0.20a,
  • samba 3.0.20b,
  • samba 3.0.21,
  • samba 3.0.21a,
  • samba 3.0.21b,
  • samba 3.0.21c,
  • samba 3.0.22,
  • samba 3.0.23,
  • samba 3.0.23a,
  • samba 3.0.23b,
  • samba 3.0.23c,
  • samba 3.0.23d,
  • samba 3.0.24,
  • samba 3.0.25,
  • samba 3.0.25a,
  • samba 3.0.25b,
  • samba 3.0.25c,
  • samba 3.0.26,
  • samba 3.0.26a,
  • samba 3.0.27,
  • samba 3.0.28,
  • samba 3.0.29,
  • samba 3.0.2a,
  • samba 3.0.3,
  • samba 3.0.30,
  • samba 3.0.31,
  • samba 3.0.32,
  • samba 3.0.33,
  • samba 3.0.34,
  • samba 3.0.35,
  • samba 3.0.36,
  • samba 3.0.37,
  • samba 3.0.4,
  • samba 3.0.5,
  • samba 3.0.6,
  • samba 3.0.7,
  • samba 3.0.8,
  • samba 3.0.9,
  • samba 3.2.0,
  • samba 3.2.1,
  • samba 3.2.10,
  • samba 3.2.11,
  • samba 3.2.12,
  • samba 3.2.13,
  • samba 3.2.14,
  • samba 3.2.15,
  • samba 3.2.2,
  • samba 3.2.3,
  • samba 3.2.4,
  • samba 3.2.5,
  • samba 3.2.6,
  • samba 3.2.7,
  • samba 3.2.8,
  • samba 3.2.9,
  • samba 3.3.0,
  • samba 3.3.1,
  • samba 3.3.10,
  • samba 3.3.11,
  • samba 3.3.12,
  • samba 3.3.13,
  • samba 3.3.14,
  • samba 3.3.15,
  • samba 3.3.16,
  • samba 3.3.2,
  • samba 3.3.3,
  • samba 3.3.4,
  • samba 3.3.5,
  • samba 3.3.6,
  • samba 3.3.7,
  • samba 3.3.8,
  • samba 3.3.9,
  • samba 3.4.0,
  • samba 3.4.1,
  • samba 3.4.10,
  • samba 3.4.11,
  • samba 3.4.12,
  • samba 3.4.13,
  • samba 3.4.14,
  • samba 3.4.15,
  • samba 3.4.16,
  • samba 3.4.17,
  • samba 3.4.2,
  • samba 3.4.3,
  • samba 3.4.4,
  • samba 3.4.5,
  • samba 3.4.6,
  • samba 3.4.7,
  • samba 3.4.8,
  • samba 3.4.9,
  • samba 3.5.0,
  • samba 3.5.1,
  • samba 3.5.10,
  • samba 3.5.11,
  • samba 3.5.12,
  • samba 3.5.13,
  • samba 3.5.14,
  • samba 3.5.15,
  • samba 3.5.16,
  • samba 3.5.17,
  • samba 3.5.18,
  • samba 3.5.19,
  • samba 3.5.2,
  • samba 3.5.20,
  • samba 3.5.21,
  • samba 3.5.22,
  • samba 3.5.3,
  • samba 3.5.4,
  • samba 3.5.5,
  • samba 3.5.6,
  • samba 3.5.7,
  • samba 3.5.8,
  • samba 3.5.9,
  • samba 3.6.0,
  • samba 3.6.1,
  • samba 3.6.10,
  • samba 3.6.11,
  • samba 3.6.12,
  • samba 3.6.13,
  • samba 3.6.14,
  • samba 3.6.15,
  • samba 3.6.16,
  • samba 3.6.17,
  • samba 3.6.18,
  • samba 3.6.19,
  • samba 3.6.2,
  • samba 3.6.20,
  • samba 3.6.21,
  • samba 3.6.22,
  • samba 3.6.23,
  • samba 3.6.24,
  • samba 3.6.25,
  • samba 3.6.3,
  • samba 3.6.4,
  • samba 3.6.5,
  • samba 3.6.6,
  • samba 3.6.7,
  • samba 3.6.8,
  • samba 3.6.9,
  • samba 4.0.0,
  • samba 4.0.1,
  • samba 4.0.10,
  • samba 4.0.11,
  • samba 4.0.12,
  • samba 4.0.13,
  • samba 4.0.14,
  • samba 4.0.15,
  • samba 4.0.16,
  • samba 4.0.17,
  • samba 4.0.18,
  • samba 4.0.19,
  • samba 4.0.2,
  • samba 4.0.20,
  • samba 4.0.21,
  • samba 4.0.22,
  • samba 4.0.23,
  • samba 4.0.24,
  • samba 4.0.25,
  • samba 4.0.26,
  • samba 4.0.3,
  • samba 4.0.4,
  • samba 4.0.5,
  • samba 4.0.6,
  • samba 4.0.7,
  • samba 4.0.8,
  • samba 4.0.9,
  • samba 4.1.0,
  • samba 4.1.1,
  • samba 4.1.10,
  • samba 4.1.11,
  • samba 4.1.12,
  • samba 4.1.13,
  • samba 4.1.14,
  • samba 4.1.15,
  • samba 4.1.16,
  • samba 4.1.17,
  • samba 4.1.18,
  • samba 4.1.19,
  • samba 4.1.2,
  • samba 4.1.20,
  • samba 4.1.21,
  • samba 4.1.22,
  • samba 4.1.23,
  • samba 4.1.3,
  • samba 4.1.4,
  • samba 4.1.5,
  • samba 4.1.6,
  • samba 4.1.7,
  • samba 4.1.8,
  • samba 4.1.9,
  • samba 4.2.0,
  • samba 4.2.1,
  • samba 4.2.2,
  • samba 4.2.3,
  • samba 4.2.4,
  • samba 4.2.5,
  • samba 4.2.6,
  • samba 4.2.7,
  • samba 4.2.8,
  • samba 4.2.9,
  • samba 4.3.0,
  • samba 4.3.1,
  • samba 4.3.2,
  • samba 4.3.3,
  • samba 4.3.4,
  • samba 4.3.5,
  • samba 4.3.6,
  • samba 4.4.0,
  • ubuntu linux 14.04,
  • ubuntu linux 15.10,
  • ubuntu linux 16.04

Exploited in the Wild

Reported by:

References

Advisory

Additional Info

Technical Analysis