Samba 4.2.x < 4.2.14 / 4.3.x < 4.3.11 / 4.4.x < 4.4.5 MitM

Medium Nessus Network Monitor Plugin ID 9823


The remote host is running a version of Samba server that is affected by a MitM (Man-in-the-Middle) attack vector.


According to its banner, the version of Samba running on the remote host is 4.2.x prior to 4.2.14, 4.3.x prior to 4.3.11, or 4.4.x prior to 4.4.5. Therefore, it is affected by a flaw within 'libcli/smb/smbXcli_base.c' that is triggered when handling SMB2/3 client connections. This may allow a MitM attacker to downgrade the required signing for a SMB2/3 client connection.


Upgrade Samba to version 4.4.5 or later. If version 4.4.x cannot be obtained, versions 4.3.11, and 4.2.14 are also patched for these issues.

See Also

Plugin Details

Severity: Medium

ID: 9823

File Name: 9823.prm

Family: Samba

Published: 2016/12/09

Modified: 2016/12/09

Dependencies: 8741

Nessus ID: 91976

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


Base Score: 5.6

Temporal Score: 5.3


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Patch Publication Date: 2016/07/07

Vulnerability Publication Date: 2016/07/07

Reference Information

CVE: CVE-2016-2119

BID: 91700