Samba 4.2.x < 4.2.14 / 4.3.x < 4.3.11 / 4.4.x < 4.4.5 MitM
Medium Nessus Network Monitor Plugin ID 9823
Synopsis
The remote host is running a version of Samba server that is affected by a MitM (Man-in-the-Middle) attack vector.
Description
According to its banner, the version of Samba running on the remote host is 4.2.x prior to 4.2.14, 4.3.x prior to 4.3.11, or 4.4.x prior to 4.4.5. Therefore, it is affected by a flaw within 'libcli/smb/smbXcli_base.c' that is triggered when handling SMB2/3 client connections. This may allow a MitM attacker to downgrade the required signing for an SMB2/3 client connection.
Solution
Upgrade Samba to version 4.4.5 or later. If version 4.4.x cannot be obtained, versions 4.3.11 and 4.2.14 are also patched for these issues.
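The banner-based check this plugin describes, written out as an added example (not Nessus plugin code): it maps each affected branch to the first fixed release named above and flags any banner whose version falls below it. The banner strings are constructed for illustration.

```python
# Added example: classify a Samba banner against the affected ranges named in
# this plugin: 4.2.x < 4.2.14, 4.3.x < 4.3.11, 4.4.x < 4.4.5.
import re

# Branch (major, minor) -> first fixed release on that branch, per the advisory.
FIXED_BY_BRANCH = {
    (4, 2): (4, 2, 14),
    (4, 3): (4, 3, 11),
    (4, 4): (4, 4, 5),
}

def parse_samba_version(banner):
    """Extract (major, minor, patch) from a banner such as 'Samba 4.3.9-Ubuntu'.
    Returns None when the banner carries no Samba version."""
    m = re.search(r"Samba\s+(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())

def is_affected(banner):
    """True when the banner advertises a release inside an affected range.
    Branches the advisory does not list (4.1.x, 4.5.x, ...) return False:
    this check only covers what the advisory states."""
    ver = parse_samba_version(banner)
    if ver is None:
        return False
    fixed = FIXED_BY_BRANCH.get(ver[:2])
    if fixed is None:
        return False
    return ver < fixed

if __name__ == "__main__":
    # Constructed sample banners, not captured from any real host.
    for b in ["Samba 4.3.9-Ubuntu", "Samba 4.3.11", "Samba 4.4.4", "Samba 4.5.0"]:
        print(b, "->", "affected" if is_affected(b) else "not affected")
```

A banner check cannot see distribution backports, so a host reporting an affected version may already carry the fix; confirm against the vendor's package changelog before acting.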