CVE-2016-2110
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-2110
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2110.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-2110
- Related
- Published
- 2016-04-25T00:59:01Z
- Modified
- 2024-09-18T04:30:37.076389Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSPNEGOTIATESEAL or NTLMSSPNEGOTIATESIGN option to disrupt LDAP security.
- References
-
- http://rhn.redhat.com/errata/RHSA-2016-0611.html
- http://rhn.redhat.com/errata/RHSA-2016-0612.html
- http://rhn.redhat.com/errata/RHSA-2016-0613.html
- http://rhn.redhat.com/errata/RHSA-2016-0614.html
- http://rhn.redhat.com/errata/RHSA-2016-0618.html
- http://rhn.redhat.com/errata/RHSA-2016-0619.html
- http://rhn.redhat.com/errata/RHSA-2016-0620.html
- http://rhn.redhat.com/errata/RHSA-2016-0621.html
- http://rhn.redhat.com/errata/RHSA-2016-0623.html
- http://rhn.redhat.com/errata/RHSA-2016-0624.html
- http://rhn.redhat.com/errata/RHSA-2016-0625.html
- http://www.debian.org/security/2016/dsa-3548
- http://www.ubuntu.com/usn/USN-2950-1
- http://www.ubuntu.com/usn/USN-2950-2
- http://www.ubuntu.com/usn/USN-2950-3
- http://www.ubuntu.com/usn/USN-2950-4
- http://www.ubuntu.com/usn/USN-2950-5
- https://bto.bluecoat.com/security-advisory/sa122
- https://security.gentoo.org/glsa/201612-47
- https://www.samba.org/samba/security/CVE-2016-2110.html
- http://badlock.org/
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00124.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securitytracker.com/id/1035533
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://security-tracker.debian.org/tracker/CVE-2016-2110
Affected packages
Debian:11 / samba
Package
- Name
- samba
- Purl
- pkg:deb/debian/samba?arch=source
Debian:12 / samba
Package
- Name
- samba
- Purl
- pkg:deb/debian/samba?arch=source
Debian:13 / samba
Package
- Name
- samba
- Purl
- pkg:deb/debian/samba?arch=source
Git / github.com/samba-team/samba
Affected ranges
- Type
- GIT
- Repo
- https://github.com/samba-team/samba
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
Affected versions
ldb-1.*
ldb-1.1.0
ldb-1.1.10
ldb-1.1.11
ldb-1.1.12
ldb-1.1.13
ldb-1.1.14
ldb-1.1.15
ldb-1.1.16
ldb-1.1.17
ldb-1.1.18
ldb-1.1.19
ldb-1.1.2
ldb-1.1.20
ldb-1.1.21
ldb-1.1.3
ldb-1.1.4
ldb-1.1.5
ldb-1.1.6
ldb-1.1.8
ldb-1.1.9
samba-3.*
samba-3.0.27a
samba-3.0.28
samba-3.0.28a
samba-3.0.29
samba-3.0.31
samba-3.0.32
samba-3.0.33
samba-3.2.0
samba-3.2.0pre2
samba-3.2.0pre3
samba-3.2.0rc1
samba-3.2.0rc2
samba-3.2.1
samba-3.2.2
samba-3.2.3
samba-3.2.4
samba-3.2.5
samba-3.2.6
samba-3.2.7
samba-3.3.0
samba-3.3.0pre1
samba-3.3.0pre2
samba-3.3.0rc1
samba-3.3.0rc2
samba-3.3.1
samba-3.3.10
samba-3.3.11
samba-3.3.12
samba-3.3.2
samba-3.3.3
samba-3.3.4
samba-3.3.5
samba-3.3.6
samba-3.3.7
samba-3.3.8
samba-3.3.9
samba-3.4.0
samba-3.4.0pre1
samba-3.4.0pre2
samba-3.4.0rc1
samba-3.4.1
samba-3.4.10
samba-3.4.2
samba-3.4.3
samba-3.4.4
samba-3.4.5
samba-3.4.6
samba-3.4.7
samba-3.4.8
samba-3.4.9
samba-3.5.0
samba-3.5.0pre1
samba-3.5.0pre2
samba-3.5.0rc1
samba-3.5.0rc2
samba-3.5.0rc3
samba-3.5.1
samba-3.5.10
samba-3.5.11
samba-3.5.12
samba-3.5.13
samba-3.5.14
samba-3.5.15
samba-3.5.16
samba-3.5.17
samba-3.5.18
samba-3.5.2
samba-3.5.3
samba-3.5.4
samba-3.5.5
samba-3.5.6
samba-3.5.7
samba-3.5.8
samba-3.5.9
samba-3.6.0
samba-3.6.0pre1
samba-3.6.0pre2
samba-3.6.0pre3
samba-3.6.0rc1
samba-3.6.0rc2
samba-3.6.0rc3
samba-3.6.1
samba-3.6.10
samba-3.6.11
samba-3.6.2
samba-3.6.3
samba-3.6.4
samba-3.6.5
samba-3.6.6
samba-3.6.7
samba-3.6.8
samba-3.6.9
samba-4.*
samba-4.0.0
samba-4.0.0alpha10
samba-4.0.0alpha11
samba-4.0.0alpha13
samba-4.0.0alpha14
samba-4.0.0alpha15
samba-4.0.0alpha16
samba-4.0.0alpha17
samba-4.0.0alpha18
samba-4.0.0alpha19
samba-4.0.0alpha20
samba-4.0.0alpha21
samba-4.0.0alpha6
samba-4.0.0alpha7
samba-4.0.0alpha8
samba-4.0.0alpha9
samba-4.0.0beta1
samba-4.0.0beta2
samba-4.0.0beta3
samba-4.0.0beta4
samba-4.0.0beta5
samba-4.0.0beta6
samba-4.0.0beta7
samba-4.0.0beta8
samba-4.0.0rc1
samba-4.0.0rc2
samba-4.0.0rc3
samba-4.0.0rc4
samba-4.0.0rc5
samba-4.0.0rc6
samba-4.0.1
samba-4.0.2
samba-4.0.3
samba-4.1.0
samba-4.1.0rc1
samba-4.1.0rc2
samba-4.1.0rc3
samba-4.1.0rc4
samba-4.1.1
samba-4.1.2
samba-4.1.3
samba-4.1.4
samba-4.1.5
samba-4.2.0
samba-4.2.0rc1
samba-4.2.0rc2
samba-4.2.0rc3
samba-4.2.0rc4
samba-4.2.0rc5
samba-4.2.1
samba-4.2.2
samba-4.2.3
samba-4.2.4
samba-4.2.5
samba-4.2.6
samba-4.3.0
samba-4.3.0rc1
samba-4.3.0rc2
samba-4.3.0rc3
samba-4.3.0rc4
samba-4.3.1
samba-4.3.2
samba-4.3.3
samba-4.3.4
Other
samba-misc-tags/initial-v3-0-test
samba-misc-tags/initial-v3-0-unstable
samba-misc-tags/initial-v3-2-test
samba-misc-tags/initial-v3-2-unstable
talloc-1.*
talloc-1.3.0
talloc-1.3.1
talloc-2.*
talloc-2.0.0
talloc-2.0.1
talloc-2.0.7
talloc-2.0.8
talloc-2.1.0
talloc-2.1.1
talloc-2.1.2
talloc-2.1.3
tdb-1.*
tdb-1.1.3
tdb-1.1.5
tdb-1.2.0
tdb-1.2.1
tdb-1.2.10
tdb-1.2.11
tdb-1.2.12
tdb-1.2.13
tdb-1.3.0
tdb-1.3.1
tdb-1.3.2
tdb-1.3.3
tdb-1.3.4
tdb-1.3.5
tdb-1.3.6
tdb-1.3.7
tevent-0.*
tevent-0.9.11
tevent-0.9.12
tevent-0.9.13
tevent-0.9.14
tevent-0.9.15
tevent-0.9.16
tevent-0.9.17
tevent-0.9.18
tevent-0.9.19
tevent-0.9.20
tevent-0.9.21
tevent-0.9.22
tevent-0.9.23
tevent-0.9.24
tevent-0.9.25
tevent-0.9.8