CVE-2016-2125: It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba…

medium6.5CVSS 3.1

AVAACLPRNUINSUCHINAN

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
debian	samba	< samba 2:4.5.2+dfsg-2 (bookworm)	samba 2:4.5.2+dfsg-2 (bookworm)
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_workstation	—	—
redhat	enterprise_linux_workstation	—	—
redhat	gluster_storage	—	—
samba	samba	>= 0 < 2:4.5.2+dfsg-2	2:4.5.2+dfsg-2
samba	samba	>= 0 < 2:4.5.2+dfsg-2	2:4.5.2+dfsg-2
samba	samba	>= 0 < 2:4.5.2+dfsg-2	2:4.5.2+dfsg-2
samba	samba	>= 0 < 2:4.5.2+dfsg-2	2:4.5.2+dfsg-2
samba	samba	>= 0 < 2:4.3.11+dfsg-0ubuntu0.14.04.4	2:4.3.11+dfsg-0ubuntu0.14.04.4
samba	samba	>= 0 < 2:4.3.11+dfsg-0ubuntu0.16.04.3	2:4.3.11+dfsg-0ubuntu0.16.04.3
samba	samba	>= 3.0.25 < 4.3.13	4.3.13
samba	samba	>= 4.4.0 < 4.4.8	4.4.8
samba	samba	>= 4.5.0 < 4.5.3	4.5.3

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

osv8.8HIGH