CVE-2016-2118
Published 2016-04-12
Priority: P3 55, high; CVSS 3.1: 7.5
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 36.93% (98.3rd percentile)
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | samba | < samba 2:4.3.7+dfsg-1 (bookworm) | samba 2:4.3.7+dfsg-1 (bookworm) |
| samba | samba | >= 0 < 2:4.3.7+dfsg-1 | 2:4.3.7+dfsg-1 |
| samba | samba | >= 0 < 2:4.3.7+dfsg-1 | 2:4.3.7+dfsg-1 |
| samba | samba | >= 0 < 2:4.3.7+dfsg-1 | 2:4.3.7+dfsg-1 |
| samba | samba | >= 0 < 2:4.3.7+dfsg-1 | 2:4.3.7+dfsg-1 |
| samba | samba | >= 0 < 2:4.3.9+dfsg-0ubuntu0.14.04.1 | 2:4.3.9+dfsg-0ubuntu0.14.04.1 |
| samba | samba | >= 0 < 2:4.3.8+dfsg-0ubuntu0.14.04.2 | 2:4.3.8+dfsg-0ubuntu0.14.04.2 |
| samba | samba | >= 0 < 2:4.3.9+dfsg-0ubuntu0.14.04.3 | 2:4.3.9+dfsg-0ubuntu0.14.04.3 |
| samba | samba | >= 0 < 2:4.3.9+dfsg-0ubuntu0.16.04.1 | 2:4.3.9+dfsg-0ubuntu0.16.04.1 |
| samba | samba | >= 0 < 2:4.3.9+dfsg-0ubuntu0.16.04.2 | 2:4.3.9+dfsg-0ubuntu0.16.04.2 |
| samba | samba | >= 3.6.0 < 4.2.10 | 4.2.10 |
| samba | samba | >= 4.3.0 < 4.3.7 | 4.3.7 |
| samba | samba | >= 4.4.0 < 4.4.1 | 4.4.1 |
Detection & IOCs
- Detect Badlock by identifying Samba versions in the affected range: 3.6.x, 4.0.x, 4.1.x, 4.2.0–4.2.9, 4.3.0–4.3.6, 4.4.0 via local or remote version checks (Nessus plugin 90508/90509)
- Use Nessus plugin 90509 ('Samba Badlock Vulnerability') for an uncredentialed/remote detection of CVE-2016-2118 on Samba hosts
- Use Nessus plugin 90510 for uncredentialed remote detection of the Windows-side Badlock vulnerability (MS16-047 / CVE-2016-0128)
- Monitor DCE/RPC connections to SAMR and LSA services; any authenticated DCE/RPC connection can be hijacked by a MitM attacker to impersonate the user against those services
- Alert on protocol-downgrade patterns in DCERPC traffic between clients and Samba/Windows servers handling MS-SAMR or MS-LSAD; modification of the client-server data stream is the attack vector
- Use LCE/PVS (Nessus Network Monitor) plugin 801967 for passive network-based detection of Badlock-vulnerable Samba versions
- The vulnerability requires an attacker to already be positioned as a man-in-the-middle on the network; it is not directly exploitable without intercepting an active authenticated DCE/RPC session
- Both Samba (CVE-2016-2118) and Windows (CVE-2016-0128 / MS16-047) are affected; detection and patching must cover both platforms in mixed environments
- Successful exploitation grants read/write access to the Security Account Manager database, potentially exposing all password hashes; scope of impact is very high if exploited
CVSS provenance
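| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 5.9 | MEDIUM | — |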
GHSA
GHSA-9r74-96x3-hvq9: The MS-SAMR and MS-LSAD protocol implementations in Samba 3
ghsa_unreviewed·2022-05-13
CVE-2016-2118 [HIGH] GHSA-9r74-96x3-hvq9: The MS-SAMR and MS-LSAD protocol implementations in Samba 3
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
OSV
samba regression
osv·2016-05-25·CVSS 5.9
[MEDIUM] samba regression
USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to
version 4.3.9, which introduced a regression when using the ntlm_auth tool.
This update fixes the problem.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-middle attack. (CVE-2016-2110)
Alberto Solino discovered that
OSV
samba regressions
osv·2016-05-04·CVSS 5.9
[MEDIUM] samba regressions
USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba
4.3.8 caused certain regressions and interoperability issues.
This update resolves some of these issues by updating to Samba 4.3.9 in
Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression
fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS.
This advisory was inadvertently published as USN-2950-2 originally.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained mul
OSV
libsoup2.4 update
osv·2016-05-04·CVSS 5.9
[MEDIUM] libsoup2.4 update
USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages
introduced a compatibility issue with NTLM authentication in libsoup. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-middle attack. (CVE-2016-2110)
OSV
samba vulnerabilities
osv·2016-04-18·CVSS 5.9
CVE-2015-5370 [MEDIUM] samba vulnerabilities
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-middle attack. (CVE-2016-2110)
Alberto Solino discovered that a Samba domain controller would establish a
secure connection to a server with a spoofed computer name. A remote
attacker could use this issue to obtain sensitive information.
(CVE-2016-2111)
Stefan M
OSV
CVE-2016-2118: The MS-SAMR and MS-LSAD protocol implementations in Samba 3
osv·2016-04-12·CVSS 7.5
CVE-2016-2118 [HIGH] CVE-2016-2118: The MS-SAMR and MS-LSAD protocol implementations in Samba 3
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
Ubuntu
Samba regression
vendor_ubuntu·2016-05-25·CVSS 5.9
[MEDIUM] Samba regression
Title: Samba regression
Summary: USN-2950-1 introduced a regression in Samba.
USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to
version 4.3.9, which introduced a regression when using the ntlm_auth tool.
This update fixes the problem.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-
Ubuntu
Samba regressions
vendor_ubuntu·2016-05-18·CVSS 5.9
[MEDIUM] Samba regressions
Title: Samba regressions
Summary: USN-2950-1 introduced regressions in Samba.
USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced
in Ubuntu 12.04 LTS caused interoperability issues. This update fixes
compatibility with certain NAS devices, and allows connecting to Samba 3.6
servers by relaxing the "client ipc signing" parameter to "auto".
We apologize for the inconvenience.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTL
Ubuntu
libsoup update
vendor_ubuntu·2016-05-04·CVSS 5.9
[MEDIUM] libsoup update
Title: libsoup update
Summary: This update fixes libsoup NTLM authentication.
USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages
introduced a compatibility issue with NTLM authentication in libsoup. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text b
Ubuntu
Samba regressions
vendor_ubuntu·2016-05-04·CVSS 5.9
[MEDIUM] Samba regressions
Title: Samba regressions
Summary: USN-2950-1 introduced regressions in Samba.
USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba
4.3.8 caused certain regressions and interoperability issues.
This update resolves some of these issues by updating to Samba 4.3.9 in
Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression
fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS.
This advisory was inadvertently published as USN-2950-2 originally.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015
Ubuntu
Samba vulnerabilities
vendor_ubuntu·2016-04-18·CVSS 5.9
CVE-2015-5370 [MEDIUM] Samba vulnerabilities
Title: Samba vulnerabilities
Summary: Several security issues were fixed in Samba.
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
machine-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
machine-in-the-middle attack. (CVE-2016-2110)
Alberto Solino discovered that a Samba domain controller would establish a
secure connection to a server with a spoofed computer name. A remote
attacker could use this is
Red Hat
samba: SAMR and LSA man in the middle attacks
vendor_redhat·2016-04-12·CVSS 7.5
CVE-2016-2118 [HIGH] CWE-300 samba: SAMR and LSA man in the middle attacks
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would
Debian
CVE-2016-2118: samba - The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2...
vendor_debian·2016·CVSS 7.5
CVE-2016-2118 [HIGH] CVE-2016-2118: samba - The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2...
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
Scope: local
bookworm: resolved (fixed in 2:4.3.7+dfsg-1)
bullseye: resolved (fixed in 2:4.3.7+dfsg-1)
forky: resolved (fixed in 2:4.3.7+dfsg-1)
sid: resolved (fixed in 2:4.3.7+dfsg-1)
trixie: resolved (fixed in 2:4.3.7+dfsg-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 samba: various flaws [fedora-all]
bugzilla·2016-04-12·CVSS 5.9
CVE-2015-5370 [MEDIUM] CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 samba: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commi
Bugzilla
CVE-2016-2118 samba: SAMR and LSA man in the middle attacks
bugzilla·2016-03-15·CVSS 7.5
CVE-2016-2118 [HIGH] CVE-2016-2118 samba: SAMR and LSA man in the middle attacks
It was reported that various samba versions are vulnerable to man in the middle attack where attacker can intercept any DCERPC traffic between a client and a server in order to impersonate the client and get the same privileges as the authenticated user account. This is most problematic against active directory domain controllers.
Description
The Security Account Manager Remote Protocol [MS-SAMR] and the Local Security Authority (Domain Policy) Remote Protocol [MS-LSAD] are both vulnerable to man in the middle attacks. Both are application level protocols based on the generic DCE 1.1 Remote Procedure Call (DCERPC) protocol.
These protocols are typically available on all Windows installations as well as every Samba servers. The
Trendmicro
The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It
blogs_trendmicro·2022-02-02·CVSS 8.8
CVE-2021-44142 [HIGH] The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It
Exploits & Vulnerabilities
# The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It
Information on the latest Samba vulnerability and how to protect systems against the threats that can exploit it.
By: Trend Micro
2022/02/02
Update as of February 8, 2022: To help identify vulnerable endpoints and/or servers, you may use our recently published assessment tool to scan for the Samba vulnerability.
An earlier version of an out-of-bounds (OOB) vulnerability in Samba was disclosed via Trend Micro Zero Day Initiative’s (ZDI) Pwn2Own Austin 2021. ZDI looked further into the security gap and found more variants of the vulnerability after the event and subsequently disclosed the findings to the company. While we have not seen any active attacks exp
Trendmicro
The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It
blogs_trendmicro·2022-02-02·CVSS 8.8
CVE-2021-44142 [HIGH] The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It
## The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It
Information on the latest Samba vulnerability and how to protect systems against the threats that can exploit it.
By: Trend Micro
Feb 02, 2022
An earlier version of an out-of-bounds (OOB) vulnerability in Samba was disclosed via Trend Micro Zero Day Initiative's (ZDI) Pwn2Own Austin 2021. ZDI looked further into the security gap and found more variants of the vulnerability after the event and subsequently disclosed the findings to the company. Although we have not seen any active attacks exploiting this vulnerability, CVE-2021-44142 received a CVSS rating of 9.9 out of the three variants reported. If this
Tenable
Badlock or Sadlock?
blogs_tenable·2016-04-14·CVSS 6.8
CVE-2016-2118 [MEDIUM] Badlock or Sadlock?
# Badlock or Sadlock?
Kelly Prevett
April 14, 2016
3 Min Read
No matter which name you prefer, Badlock or Sadlock, for the recently disclosed CVE-2016-2118 (SAMR and LSA man-in-the-middle attacks possible) and for Windows by CVE-2016-0128/MS16-047 (Windows SAM and LSAD Downgrade Vulnerability) Tenable has you covered. Nessus®, SecurityCenter™, SecurityCenter CV™, or Passive Vulnerability Scanner™, Tenable can determine if you are at risk.
According to Badlock.org, the security vulnerabilities can be mostly categorized as man-in-the-middle or denial-of-service (DoS) attacks. These would permit execution of arbitrary Samba network calls using the context of the intercepted user, such as the ability to view or modify secrets within an AD database, including user passwor