CVE-2016-2112

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-2112
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2112.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-2112
Related
Published
2016-04-25T00:59:03Z
Modified
2024-09-18T06:38:14.017771Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

References

Affected packages

Debian:11 / samba

Package

Name
samba
Purl
pkg:deb/debian/samba?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.7+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / samba

Package

Name
samba
Purl
pkg:deb/debian/samba?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.7+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / samba

Package

Name
samba
Purl
pkg:deb/debian/samba?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.7+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/samba-team/samba

Affected ranges

Type
GIT
Repo
https://github.com/samba-team/samba
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected

Affected versions

ldb-1.*

ldb-1.1.0
ldb-1.1.10
ldb-1.1.11
ldb-1.1.12
ldb-1.1.13
ldb-1.1.14
ldb-1.1.15
ldb-1.1.16
ldb-1.1.17
ldb-1.1.18
ldb-1.1.19
ldb-1.1.2
ldb-1.1.20
ldb-1.1.21
ldb-1.1.3
ldb-1.1.4
ldb-1.1.5
ldb-1.1.6
ldb-1.1.8
ldb-1.1.9

samba-3.*

samba-3.0.27a
samba-3.0.28
samba-3.0.28a
samba-3.0.29
samba-3.0.31
samba-3.0.32
samba-3.0.33
samba-3.2.0
samba-3.2.0pre2
samba-3.2.0pre3
samba-3.2.0rc1
samba-3.2.0rc2
samba-3.2.1
samba-3.2.2
samba-3.2.3
samba-3.2.4
samba-3.2.5
samba-3.2.6
samba-3.2.7
samba-3.3.0
samba-3.3.0pre1
samba-3.3.0pre2
samba-3.3.0rc1
samba-3.3.0rc2
samba-3.3.1
samba-3.3.10
samba-3.3.11
samba-3.3.12
samba-3.3.2
samba-3.3.3
samba-3.3.4
samba-3.3.5
samba-3.3.6
samba-3.3.7
samba-3.3.8
samba-3.3.9
samba-3.4.0
samba-3.4.0pre1
samba-3.4.0pre2
samba-3.4.0rc1
samba-3.4.1
samba-3.4.10
samba-3.4.2
samba-3.4.3
samba-3.4.4
samba-3.4.5
samba-3.4.6
samba-3.4.7
samba-3.4.8
samba-3.4.9
samba-3.5.0
samba-3.5.0pre1
samba-3.5.0pre2
samba-3.5.0rc1
samba-3.5.0rc2
samba-3.5.0rc3
samba-3.5.1
samba-3.5.10
samba-3.5.11
samba-3.5.12
samba-3.5.13
samba-3.5.14
samba-3.5.15
samba-3.5.16
samba-3.5.17
samba-3.5.18
samba-3.5.2
samba-3.5.3
samba-3.5.4
samba-3.5.5
samba-3.5.6
samba-3.5.7
samba-3.5.8
samba-3.5.9
samba-3.6.0
samba-3.6.0pre1
samba-3.6.0pre2
samba-3.6.0pre3
samba-3.6.0rc1
samba-3.6.0rc2
samba-3.6.0rc3
samba-3.6.1
samba-3.6.10
samba-3.6.11
samba-3.6.2
samba-3.6.3
samba-3.6.4
samba-3.6.5
samba-3.6.6
samba-3.6.7
samba-3.6.8
samba-3.6.9

samba-4.*

samba-4.0.0
samba-4.0.0alpha10
samba-4.0.0alpha11
samba-4.0.0alpha13
samba-4.0.0alpha14
samba-4.0.0alpha15
samba-4.0.0alpha16
samba-4.0.0alpha17
samba-4.0.0alpha18
samba-4.0.0alpha19
samba-4.0.0alpha20
samba-4.0.0alpha21
samba-4.0.0alpha6
samba-4.0.0alpha7
samba-4.0.0alpha8
samba-4.0.0alpha9
samba-4.0.0beta1
samba-4.0.0beta2
samba-4.0.0beta3
samba-4.0.0beta4
samba-4.0.0beta5
samba-4.0.0beta6
samba-4.0.0beta7
samba-4.0.0beta8
samba-4.0.0rc1
samba-4.0.0rc2
samba-4.0.0rc3
samba-4.0.0rc4
samba-4.0.0rc5
samba-4.0.0rc6
samba-4.0.1
samba-4.0.2
samba-4.0.3
samba-4.1.0
samba-4.1.0rc1
samba-4.1.0rc2
samba-4.1.0rc3
samba-4.1.0rc4
samba-4.1.1
samba-4.1.2
samba-4.1.3
samba-4.1.4
samba-4.1.5
samba-4.2.0
samba-4.2.0rc1
samba-4.2.0rc2
samba-4.2.0rc3
samba-4.2.0rc4
samba-4.2.0rc5
samba-4.2.1
samba-4.2.2
samba-4.2.3
samba-4.2.4
samba-4.2.5
samba-4.2.6
samba-4.3.0
samba-4.3.0rc1
samba-4.3.0rc2
samba-4.3.0rc3
samba-4.3.0rc4
samba-4.3.1
samba-4.3.2
samba-4.3.3
samba-4.3.4

Other

samba-misc-tags/initial-v3-0-test
samba-misc-tags/initial-v3-0-unstable
samba-misc-tags/initial-v3-2-test
samba-misc-tags/initial-v3-2-unstable

talloc-1.*

talloc-1.3.0
talloc-1.3.1

talloc-2.*

talloc-2.0.0
talloc-2.0.1
talloc-2.0.7
talloc-2.0.8
talloc-2.1.0
talloc-2.1.1
talloc-2.1.2
talloc-2.1.3

tdb-1.*

tdb-1.1.3
tdb-1.1.5
tdb-1.2.0
tdb-1.2.1
tdb-1.2.10
tdb-1.2.11
tdb-1.2.12
tdb-1.2.13
tdb-1.3.0
tdb-1.3.1
tdb-1.3.2
tdb-1.3.3
tdb-1.3.4
tdb-1.3.5
tdb-1.3.6
tdb-1.3.7

tevent-0.*

tevent-0.9.11
tevent-0.9.12
tevent-0.9.13
tevent-0.9.14
tevent-0.9.15
tevent-0.9.16
tevent-0.9.17
tevent-0.9.18
tevent-0.9.19
tevent-0.9.20
tevent-0.9.21
tevent-0.9.22
tevent-0.9.23
tevent-0.9.24
tevent-0.9.25
tevent-0.9.8