Samba 4.2.x < 4.2.14 / 4.3.x < 4.3.11 / 4.4.x < 4.4.5 MitM

Medium Nessus Network Monitor Plugin ID 9823


The remote host is running a version of Samba server that is affected by a MitM (Man-in-the-Middle) attack vector.


According to its banner, the version of Samba running on the remote host is 4.2.x prior to 4.2.14, 4.3.x prior to 4.3.11, or 4.4.x prior to 4.4.5. Therefore, it is affected by a flaw within 'libcli/smb/smbXcli_base.c' that is triggered when handling SMB2/3 client connections. This may allow a MitM attacker to downgrade the required signing for a SMB2/3 client connection.


Upgrade Samba to version 4.4.5 or later. If version 4.4.x cannot be obtained, versions 4.3.11, and 4.2.14 are also patched for these issues.

See Also

Plugin Details

Severity: Medium

ID: 9823

Family: Samba

Published: 2016/12/09

Updated: 2019/03/06

Dependencies: 8741

Nessus ID: 91976

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 5.6

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Patch Publication Date: 2016/07/07

Vulnerability Publication Date: 2016/07/07

Reference Information

CVE: CVE-2016-2119

BID: 91700