samba: Missing downgrade detection

🗓️ 12 Apr 2016 21:38:55Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 2 Views

Samba LDAP lacks integrity protection, enabling downgrade attacks and man in the middle hijacking.

Reporter	Title	Published	Views	Family All 199
IBM Security Bulletins	Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS.	16 Jun 201813:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Samba – including Badlock - affect IBM Spectrum Scale SMB protocol access method	1 Aug 201820:57	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Samba - including Badlock - Transformation Extender Hypervisor Edition	16 Jun 201820:00	–	ibm
IBM Security Bulletins	Security Bulletin: Potential security vulnerability in IBM WebSphere Application Server for Bluemix if FIPS 140-2 is enabled (CVE-2016-0306) and multiple vulnerabilities in Samba – including Badlock (CVE-2016-2118)	15 Jun 201807:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Samba – including Badlock – affect ProtecTIER	16 Feb 202222:09	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in ISC BIND and Samba - including Badlock - affect IBM Netezza Host Management	18 Oct 201903:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Samba, including Badlock, affect IBM i	18 Dec 201914:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Samba –including Badlock - affect IBM OS Images for Red Hat Linux Systems.	15 Jun 201807:05	–	ibm
IBM Security Bulletins	Security Bulletin: Samba as used in IBM QRadar SIEM is vulnerable to multiple CVE's. (CVE-2016-2110, CVE-2016-2112, CVE-2016-2115)	16 Jun 201821:44	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Samba affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance	17 Jun 201822:33	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	x86_64	ctdb	0:4.2.11-2.el6rhs	ctdb-0:4.2.11-2.el6rhs.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	ctdb	0:4.2.11-2.el7rhgs	ctdb-0:4.2.11-2.el7rhgs.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	ctdb-devel	0:4.2.11-2.el6rhs	ctdb-devel-0:4.2.11-2.el6rhs.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	ctdb-devel	0:4.2.11-2.el7rhgs	ctdb-devel-0:4.2.11-2.el7rhgs.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	ctdb-tests	0:4.2.11-2.el6rhs	ctdb-tests-0:4.2.11-2.el6rhs.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	ctdb-tests	0:4.2.11-2.el7rhgs	ctdb-tests-0:4.2.11-2.el7rhgs.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	ldb-tools	0:1.1.24-1.el6rhs	ldb-tools-0:1.1.24-1.el6rhs.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	ldb-tools	0:1.1.24-1.el7rhgs	ldb-tools-0:1.1.24-1.el7rhgs.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	libldb	0:1.1.24-1.el6rhs	libldb-0:1.1.24-1.el6rhs.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	libldb	0:1.1.24-1.el7rhgs	libldb-0:1.1.24-1.el7rhgs.x86_64.rpm

Source	Link
access	www.access.redhat.com/articles/2243351
access	www.access.redhat.com/security/cve/CVE-2016-2112
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-2112
cve	www.cve.org/CVERecord

21 Nov 2025 17:55Current

6.7Medium risk

Vulners AI Score6.7

CVSS 24.3

CVSS 35.9

EPSS0.0938

Samba Directory access protocol Integrity protection Downgrade attack Man in middle Connection hijack