
samba: crypto downgrade

Package(s): samba
CVE #(s): CVE-2016-2119
Created: July 8, 2016
Updated: December 19, 2016
Description: From the Slackware advisory:

This release fixes a security issue: Client side SMB2/3 required signing can be downgraded. It's possible for an attacker to downgrade the required signing for an SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST or SMB2_SESSION_FLAG_IS_NULL flags. This means that the attacker can impersonate a server being connected to by Samba, and return malicious results.

Alerts:
Ubuntu USN-3092-1 samba 2016-09-28
openSUSE openSUSE-SU-2016:2371-1 samba 2016-09-24
Scientific Linux SLSA-2016:1487-1 samba4 2016-07-26
Scientific Linux SLSA-2016:1486-1 samba 2016-07-26
CentOS CESA-2016:1487 samba4 2016-07-26
CentOS CESA-2016:1486 samba 2016-07-26
Oracle ELSA-2016-1487 samba4 2016-07-26
Oracle ELSA-2016-1486 samba 2016-07-26
Red Hat RHSA-2016:1487-01 samba4 2016-07-26
Red Hat RHSA-2016:1486-01 samba 2016-07-26
openSUSE openSUSE-SU-2016:1830-1 samba 2016-07-19
Fedora FEDORA-2016-48b53757a9 samba 2016-07-15
Fedora FEDORA-2016-0acec022f4 samba 2016-07-12
Slackware SSA:2016-189-01 samba 2016-07-07
Debian DSA-3740-1 samba 2016-12-19



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds