Samba 4.2.x < 4.2.14 / 4.3.x < 4.3.11 / 4.4.x < 4.4.5 MitM

Medium Nessus Network Monitor Plugin ID 9823

Synopsis

The remote host is running a version of Samba server that is affected by a MitM (Man-in-the-Middle) attack vector.

Description

According to its banner, the version of Samba running on the remote host is 4.2.x prior to 4.2.14, 4.3.x prior to 4.3.11, or 4.4.x prior to 4.4.5. Therefore, it is affected by a flaw within 'libcli/smb/smbXcli_base.c' that is triggered when handling SMB2/3 client connections. This may allow a MitM attacker to downgrade the required signing for a SMB2/3 client connection.

Solution

Upgrade Samba to version 4.4.5 or later. If version 4.4.x cannot be obtained, versions 4.3.11, and 4.2.14 are also patched for these issues.

See Also

https://www.samba.org/samba/security/CVE-2016-2119.html

Plugin Details

Severity: Medium

ID: 9823

File Name: 9823.prm

Family: Samba

Published: 2016/12/09

Modified: 2016/12/09

Dependencies: 8741

Nessus ID: 91976

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 5.3

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Patch Publication Date: 2016/07/07

Vulnerability Publication Date: 2016/07/07

Reference Information

CVE: CVE-2016-2119

BID: 91700