
Debian 7, 8 DSA-3548-1 Critical Samba Denial Of Service Issues

April 13, 2016
Upgrade Samba on Debian promptly: these are serious vulnerabilities that put both service security and overall data integrity at risk.
Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server for Unix.

Summary

CVE-2015-5370

Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC
code which can lead to denial of service (crashes and high CPU
consumption) and man-in-the-middle attacks.

CVE-2016-2110

Stefan Metzmacher of SerNet and the Samba Team discovered that the
feature negotiation of NTLMSSP does not protect against downgrade
attacks.

CVE-2016-2111

When Samba is configured as a domain controller, it allows remote
attackers to spoof the computer name of a secure channel's endpoint,
and obtain sensitive session information. This flaw corresponds to
the same vulnerability as CVE-2015-0005 for Windows, discovered by
Alberto Solino from Core Security.

CVE-2016-2112

Stefan Metzmacher of SerNet and the Samba Team discovered that a
man-in-the-middle attacker can downgrade LDAP connections to avoid
integrity protection.

CVE-2016-2113

Stefan Metzmacher of SerNet and the Samba Team discovered that
man-in-the-middle attacks are possible for clie...


Severity: critical

Package: samba
CVE ID: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112
