CVE-2016-2124: A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even…

medium5.9CVSS 3.1

AVNACHPRNUINSUCHINAN

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

Affected

57 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	samba	< samba 2:4.13.14+dfsg-1 (bookworm)	samba 2:4.13.14+dfsg-1 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
msrc	azl3_samba_4.18.3-1_on_azure_linux_3.0	—	—
msrc	azure_linux_3.0_arm	—	—
msrc	azure_linux_3.0_x64	—	—
msrc	cbl2_samba_4.12.5-6_on_cbl_mariner_2.0	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_for_ibm_z_systems	—	—
redhat	enterprise_linux_for_ibm_z_systems	—	—
redhat	enterprise_linux_for_ibm_z_systems_eus	—	—
redhat	enterprise_linux_for_ibm_z_systems_eus	—	—
redhat	enterprise_linux_for_power_big_endian	—	—
redhat	enterprise_linux_for_power_little_endian	—	—

CVSS provenance

nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

osv5.9MEDIUM