Your submission was sent successfully! Close

CVE-2016-2113

Published: 12 April 2016

Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.

Notes

AuthorNote
mdeslaur
4.x+ only
Priority

Medium

CVSS 3 base score: 7.4

Status

Package Release Status
samba
Launchpad, Ubuntu, Debian
precise Not vulnerable

trusty
Released (2:4.3.8+dfsg-0ubuntu0.14.04.2)
upstream
Released (4.4.2,4.3.8,4.2.11)
wily
Released (2:4.3.8+dfsg-0ubuntu0.15.10.2)
xenial
Released (2:4.3.8+dfsg-0ubuntu1)
yakkety
Released (2:4.3.8+dfsg-0ubuntu1)
zesty
Released (2:4.3.8+dfsg-0ubuntu1)
samba4
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was needed)
trusty Does not exist

upstream Needs triage

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist