DEBIAN-CVE-2016-2112

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2016-2112

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2016-2112.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2016-2112

Upstream

CVE-2016-2112

Published

2016-04-25T00:59:03Z

Modified

2025-09-25T01:00:09.044984Z

Summary

[none]

Details

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

References

https://security-tracker.debian.org/tracker/CVE-2016-2112

Affected packages

Debian:11 / samba

Package

Name: samba
Purl: pkg:deb/debian/samba?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:4.3.7+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / samba

Package

Name: samba
Purl: pkg:deb/debian/samba?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:4.3.7+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / samba

Package

Name: samba
Purl: pkg:deb/debian/samba?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:4.3.7+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / samba

Package

Name: samba
Purl: pkg:deb/debian/samba?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:4.3.7+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}