CVE-2016-2112

MEDIUM

Description

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

ID	Name	Product	Family	Severity
99777	EulerOS 2.0 SP1 : samba (EulerOS-SA-2016-1014)	Nessus	Huawei Local Security Checks	medium
96127	GLSA-201612-47 : Samba: Multiple vulnerabilities (Badlock)	Nessus	Gentoo Local Security Checks	medium
9822	Samba 4.2.x < 4.2.11 / 4.3.x < 4.3.8 / 4.4.x < 4.4.2 Multiple MitM	Nessus Network Monitor	Samba	medium
802024	Samba < 4.4.2, 4.3.8, 4.2.11, 3.6.26 Multiple Vulnerabilities	Log Correlation Engine	Samba	critical
91333	Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : samba regression (USN-2950-5) (Badlock)	Nessus	Ubuntu Local Security Checks	medium
91256	Ubuntu 12.04 LTS : samba regressions (USN-2950-4) (Badlock)	Nessus	Ubuntu Local Security Checks	medium
90915	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : samba regressions (USN-2950-3) (Badlock)	Nessus	Ubuntu Local Security Checks	medium
90824	Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : libsoup2.4 update (USN-2950-2) (Badlock)	Nessus	Ubuntu Local Security Checks	medium
90646	Fedora 24 : samba-4.4.2-1.fc24 (2016-383fce04e2) (Badlock)	Nessus	Fedora Local Security Checks	medium
90609	openSUSE Security Update : samba (openSUSE-2016-490) (Badlock)	Nessus	SuSE Local Security Checks	critical
90588	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : samba vulnerabilities (USN-2950-1) (Badlock)	Nessus	Ubuntu Local Security Checks	medium
90558	openSUSE Security Update : samba (openSUSE-2016-462) (Badlock)	Nessus	SuSE Local Security Checks	critical
90548	Slackware 14.0 / 14.1 / current : samba (SSA:2016-106-02) (Badlock)	Nessus	Slackware Local Security Checks	medium
90536	SUSE SLES11 Security Update : samba (SUSE-SU-2016:1028-1) (Badlock)	Nessus	SuSE Local Security Checks	medium
90534	SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1024-1) (Badlock)	Nessus	SuSE Local Security Checks	medium
90533	SUSE SLES11 Security Update : samba (SUSE-SU-2016:1023-1) (Badlock)	Nessus	SuSE Local Security Checks	medium
90532	SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1022-1) (Badlock)	Nessus	SuSE Local Security Checks	medium
90530	RHEL 6 / 7 : Storage Server (RHSA-2016:0614) (Badlock)	Nessus	Red Hat Local Security Checks	medium
90522	openSUSE Security Update : samba (openSUSE-2016-453) (Badlock)	Nessus	SuSE Local Security Checks	medium
90519	Fedora 23 : samba-4.3.8-0.fc23 (2016-be53260726) (Badlock)	Nessus	Fedora Local Security Checks	medium
90516	Fedora 22 : samba-4.2.11-0.fc22 (2016-48b3761baa) (Badlock)	Nessus	Fedora Local Security Checks	medium
90515	Debian DSA-3548-1 : samba - security update (Badlock)	Nessus	Debian Local Security Checks	medium
90514	Amazon Linux AMI : samba (ALAS-2016-686) (Badlock)	Nessus	Amazon Linux Local Security Checks	medium
90508	Samba 3.x < 4.2.10 / 4.2.x < 4.2.10 / 4.3.x < 4.3.7 / 4.4.x < 4.4.1 Multiple Vulnerabilities (Badlock)	Nessus	Misc.	medium
90504	Scientific Linux Security Update : samba on SL6.x i386/x86_64 (Badlock)	Nessus	Scientific Linux Local Security Checks	medium
90503	Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)	Nessus	Scientific Linux Local Security Checks	medium
90502	Scientific Linux Security Update : samba and samba4 on SL6.x, SL7.x i386/x86_64 (Badlock)	Nessus	Scientific Linux Local Security Checks	medium
90501	Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (Badlock)	Nessus	Scientific Linux Local Security Checks	medium
90500	RHEL 5 : samba3x (RHSA-2016:0624) (Badlock)	Nessus	Red Hat Local Security Checks	medium
90497	RHEL 6 : samba4 (RHSA-2016:0620) (Badlock)	Nessus	Red Hat Local Security Checks	medium
90496	RHEL 6 : samba (RHSA-2016:0619) (Badlock)	Nessus	Red Hat Local Security Checks	medium
90495	RHEL 7 : samba (RHSA-2016:0618) (Badlock)	Nessus	Red Hat Local Security Checks	medium
90493	RHEL 5 : samba3x (RHSA-2016:0613) (Badlock)	Nessus	Red Hat Local Security Checks	medium
90492	RHEL 6 / 7 : samba and samba4 (RHSA-2016:0612) (Badlock)	Nessus	Red Hat Local Security Checks	medium
90491	RHEL 6 : samba (RHSA-2016:0611) (Badlock)	Nessus	Red Hat Local Security Checks	medium
90488	Oracle Linux 5 : samba3x (ELSA-2016-0613) (Badlock)	Nessus	Oracle Linux Local Security Checks	medium
90487	Oracle Linux 6 / 7 : samba / samba4 (ELSA-2016-0612) (Badlock)	Nessus	Oracle Linux Local Security Checks	medium
90486	Oracle Linux 6 : samba (ELSA-2016-0611) (Badlock)	Nessus	Oracle Linux Local Security Checks	medium
90474	FreeBSD : samba -- multiple vulnerabilities (a636fc26-00d9-11e6-b704-000c292e4fd8) (Badlock)	Nessus	FreeBSD Local Security Checks	medium
90451	CentOS 5 : samba3x (CESA-2016:0613) (Badlock)	Nessus	CentOS Local Security Checks	medium
90450	CentOS 6 / 7 : ipa / libldb / libtalloc / libtdb / libtevent / openchange / samba / samba4 (CESA-2016:0612) (Badlock)	Nessus	CentOS Local Security Checks	medium
90449	CentOS 6 : samba (CESA-2016:0611) (Badlock)	Nessus	CentOS Local Security Checks	medium
9233	Samba 4.4.x < 4.4.1 Multiple Vulnerabilities (Badlock)	Nessus Network Monitor	Samba	medium
9232	Samba 4.3.x < 4.3.7 Multiple Vulnerabilities (Badlock)	Nessus Network Monitor	Samba	medium
9231	Samba 4.2.x < 4.2.10 Multiple Vulnerabilities (Badlock)	Nessus Network Monitor	Samba	medium
801967	Samba < 4.2.10/11, < 4.3.7/8, < 4.4.1/2 badlock Vulnerability	Log Correlation Engine	Samba	high

CVE-2016-2112

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0