CVE-2016-2115
Published 2016-04-25
Priority P3 · 36 · medium · 5.9 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 10.23% (95.1th percentile)
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
Affected
258 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | samba | < samba 2:4.3.7+dfsg-1 (bookworm) | samba 2:4.3.7+dfsg-1 (bookworm) |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
| emc | isilon_onefs | — | — |
CVSS provenance
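| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 5.9 | MEDIUM | — |
| vendor_debian | — | 5.9 | MEDIUM | — |
| vendor_redhat | — | 5.9 | MEDIUM | — |
| vendor_ubuntu | — | 5.9 | MEDIUM | — |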
Ubuntu
Samba regression
vendor_ubuntu·2016-05-25·CVSS 5.9
[MEDIUM] Samba regression
Title: Samba regression
Summary: USN-2950-1 introduced a regression in Samba.
USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to
version 4.3.9, which introduced a regression when using the ntlm_auth tool.
This update fixes the problem.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-
Ubuntu
Samba regressions
vendor_ubuntu·2016-05-18·CVSS 5.9
[MEDIUM] Samba regressions
Title: Samba regressions
Summary: USN-2950-1 introduced regressions in Samba.
USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced
in Ubuntu 12.04 LTS caused interoperability issues. This update fixes
compatibility with certain NAS devices, and allows connecting to Samba 3.6
servers by relaxing the "client ipc signing" parameter to "auto".
We apologize for the inconvenience.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTL
Ubuntu
libsoup update
vendor_ubuntu·2016-05-04·CVSS 5.9
[MEDIUM] libsoup update
Title: libsoup update
Summary: This update fixes libsoup NTLM authentication.
USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages
introduced a compatibility issue with NTLM authentication in libsoup. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text b
Ubuntu
Samba regressions
vendor_ubuntu·2016-05-04·CVSS 5.9
[MEDIUM] Samba regressions
Title: Samba regressions
Summary: USN-2950-1 introduced regressions in Samba.
USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba
4.3.8 caused certain regressions and interoperability issues.
This update resolves some of these issues by updating to Samba 4.3.9 in
Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression
fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS.
This advisory was inadvertently published as USN-2950-2 originally.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015
Ubuntu
Samba vulnerabilities
vendor_ubuntu·2016-04-18·CVSS 5.9
CVE-2015-5370 [MEDIUM] Samba vulnerabilities
Title: Samba vulnerabilities
Summary: Several security issues were fixed in Samba.
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-middle attack. (CVE-2016-2110)
Alberto Solino discovered that a Samba domain controller would establish a
secure connection to a server with a spoofed computer name. A remote
attacker could use this is
Red Hat
samba: Smb signing not required by default when smb client connection is used for ipc usage
vendor_redhat·2016-04-12·CVSS 5.9
CVE-2016-2115 [MEDIUM] CWE-300 samba: Smb signing not required by default when smb client connection is used for ipc usage
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.
Package: samba (Red Hat Enterprise Linux 4) - Affected
Package: samba (Red Hat Enterprise Linux 5) - Affected
Package: samba (Red Hat Enterprise Linux Extended Update Support 5.6) - Affected
Package: samba3x (Red Hat Enterprise Linux Extended Up
Debian
CVE-2016-2115: samba - Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does...
vendor_debian·2016·CVSS 5.9
CVE-2016-2115 [MEDIUM] CVE-2016-2115: samba - Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does...
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
Scope: local
bookworm: resolved (fixed in 2:4.3.7+dfsg-1)
bullseye: resolved (fixed in 2:4.3.7+dfsg-1)
forky: resolved (fixed in 2:4.3.7+dfsg-1)
sid: resolved (fixed in 2:4.3.7+dfsg-1)
trixie: resolved (fixed in 2:4.3.7+dfsg-1)
GHSA
GHSA-5vv3-jf75-3fr5: Samba 3
ghsa_unreviewed·2022-05-17
CVE-2016-2115 [MEDIUM] GHSA-5vv3-jf75-3fr5: Samba 3
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
GHSA
GHSA-vw4c-6hqg-68fm: EMC Isilon OneFS 7
ghsa_unreviewed·2022-05-17·CVSS 5.9
CVE-2016-0907 [MEDIUM] GHSA-vw4c-6hqg-68fm: EMC Isilon OneFS 7
EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.
OSV
samba regression
osv·2016-05-25·CVSS 5.9
[MEDIUM] samba regression
USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to
version 4.3.9, which introduced a regression when using the ntlm_auth tool.
This update fixes the problem.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-middle attack. (CVE-2016-2110)
Alberto Solino discovered that
OSV
samba regressions
osv·2016-05-04·CVSS 5.9
[MEDIUM] samba regressions
USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba
4.3.8 caused certain regressions and interoperability issues.
This update resolves some of these issues by updating to Samba 4.3.9 in
Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression
fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS.
This advisory was inadvertently published as USN-2950-2 originally.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained mul
OSV
libsoup2.4 update
osv·2016-05-04·CVSS 5.9
[MEDIUM] libsoup2.4 update
USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages
introduced a compatibility issue with NTLM authentication in libsoup. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-middle attack. (CVE-2016-2110)
OSV
CVE-2016-2115: Samba 3
osv·2016-04-25·CVSS 5.9
CVE-2016-2115 [MEDIUM] CVE-2016-2115: Samba 3
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
OSV
samba vulnerabilities
osv·2016-04-18·CVSS 5.9
CVE-2015-5370 [MEDIUM] samba vulnerabilities
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-middle attack. (CVE-2016-2110)
Alberto Solino discovered that a Samba domain controller would establish a
secure connection to a server with a spoofed computer name. A remote
attacker could use this issue to obtain sensitive information.
(CVE-2016-2111)
Stefan M
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 samba: various flaws [fedora-all]
bugzilla·2016-04-12·CVSS 5.9
CVE-2015-5370 [MEDIUM] CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 samba: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commi
Bugzilla
CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
bugzilla·2016-02-25·CVSS 5.9
CVE-2016-2115 [MEDIUM] CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
It was found that when an SMB client connection is used for IPC usage (e.g. as NCACN_NP transport of DCERPC), it does not require SMB signing by default. This allows for various man-in-the-middle attacks.
Currently all Samba versions are affected.
Upstream bug:
https://bugzilla.samba.org/show_bug.cgi?id=11756
Discussion:
Acknowledgements:
Name: the Samba project
Upstream: Stefan Metzmacher (SerNet)
---
External Reference:
https://access.redhat.com/articles/2243351
---
Public via:
https://www.samba.org/samba/security/CVE-2016-2115.html
---
Created samba tracking bugs for this issue:
Affects: fedora-all [bug 1326453]
---
This issue has been addressed in the following p
http://badlock.org/
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://rhn.redhat.com/errata/RHSA-2016-0611.html
http://rhn.redhat.com/errata/RHSA-2016-0612.html
http://rhn.redhat.com/errata/RHSA-2016-0613.html
http://rhn.redhat.com/errata/RHSA-2016-0614.html
http://rhn.redhat.com/errata/RHSA-2016-0618.html
http://rhn.redhat.com/errata/RHSA-2016-0619.html
http://rhn.redhat.com/errata/RHSA-2016-0620.html
http://rhn.redhat.com/errata/RHSA-2016-0624.html
http://www.debian.org/security/2016/dsa-3548
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securitytracker.com/id/1035533
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
http://www.ubuntu.com/usn/USN-2950-1
http://www.ubuntu.com/usn/USN-2950-2
http://www.ubuntu.com/usn/USN-2950-3
http://www.ubuntu.com/usn/USN-2950-4
http://www.ubuntu.com/usn/USN-2950-5
https://bto.bluecoat.com/security-advisory/sa122
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
https://security.gentoo.org/glsa/201612-47
https://www.samba.org/samba/history/samba-4.2.10.html
https://www.samba.org/samba/latest_news.html#4.4.2
https://www.samba.org/samba/security/CVE-2016-2115.html
2016-04-25
Published