Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2016-2124)

Summary

A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could cause man-in-the-middle attack . A fix for this vulnerability is available.

Vulnerability Details

CVEID:CVE-2016-2124
**DESCRIPTION:**Samba SMB1 client is vulnerable to a man-in-the-middle attack, caused by improper handling of SMB1 client connections. By sending a specially-crafted request, an attacker could exploit this vulnerability to force the client side SMB1 code to fall-back to plaintext or NTLM based authentication, allowing an attacker to conduct a man-in-the-middle attack to obtain sensitive information or further compromise the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213344 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

For IBM Spectrum Scale V5.0.0.0 through 5.0.5.11, apply V5.0.5.12 or later available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=Linux+PPC64LE&function=all
For IBM Spectrum Scale V5.1.0 through V5.1.2.1, apply V5.1.2.2 or V5.1.3 or later available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.3&platform=Linux+PPC64LE&function=all

Workarounds and Mitigations

None