ALT-PU-2016-1423-1

Package update samba in branch t7

Version4.3.8-alt0.M70P.2

Published2016-04-30

Max severityMEDIUM

Severity:

Closed issues (2)

MEDIUM5.9

Уязвимость реализации NTLMSSP пакета программ сетевого взаимодействия Samba, связанная с недостатках элементов безопасности, позволяющая нарушителю оказать воздействие на целостность данных

Published: 2021-03-15Modified: 2021-03-23

CVSS 3.xMEDIUM 5.9

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

References

CVE-2016-2110

MEDIUM5.9

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.

Published: 2016-04-25Modified: 2025-04-12

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 5.9

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References