samba: Unconditional privilege delegation to Kerberos servers in trusted realms

🗓️ 21 Mar 2017 08:44:53Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

Samba always requests forwardable Kerberos tickets, enabling privilege delegation and impersonation.

Reporter	Title	Published	Views	Family All 147
ALT Linux	Security fix for the ALT Linux 8 package samba version 4.5.3-alt1	19 Dec 201600:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 7 package samba-DC version 4.5.3-alt1.M70P.1	19 Dec 201600:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 7 package samba version 4.5.3-alt1.M70P.1	19 Dec 201600:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package samba version 4.5.3-alt1.S1	19 Dec 201600:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 8 package samba-DC version 4.5.3-alt1	19 Dec 201600:00	–	altlinux
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Open Source OpenSSL and Samba affects IBM Netezza Host Management	18 Oct 201903:10	–	ibm
IBM Security Bulletins	Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2016-2125, CVE-2016-2126)	18 Jun 201800:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in Bluemix	15 Jun 201807:07	–	ibm
IBM Security Bulletins	Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2016-2125, CVE-2016-2126 )	18 Jun 201800:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2016-2126, 2016-2125)	1 Aug 201819:05	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	ppc64	samba4	0:4.2.10-9.el6	samba4-0:4.2.10-9.el6.ppc64.rpm
Red Hat Enterprise Linux	6	s390x	samba4	0:4.2.10-9.el6	samba4-0:4.2.10-9.el6.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	samba4	0:4.2.10-9.el6	samba4-0:4.2.10-9.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	samba4	0:4.2.10-9.el6.i686	samba4-0:4.2.10-9.el6.i686.noarch.rpm
Red Hat Enterprise Linux	6	ppc64	samba4-client	0:4.2.10-9.el6	samba4-client-0:4.2.10-9.el6.ppc64.rpm
Red Hat Enterprise Linux	6	s390x	samba4-client	0:4.2.10-9.el6	samba4-client-0:4.2.10-9.el6.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	samba4-client	0:4.2.10-9.el6	samba4-client-0:4.2.10-9.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	samba4-client	0:4.2.10-9.el6.i686	samba4-client-0:4.2.10-9.el6.i686.noarch.rpm
Red Hat Enterprise Linux	6	ppc64	samba4-common	0:4.2.10-9.el6	samba4-common-0:4.2.10-9.el6.ppc64.rpm
Red Hat Enterprise Linux	6	s390x	samba4-common	0:4.2.10-9.el6	samba4-common-0:4.2.10-9.el6.s390x.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2016-2125
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-2125
cve	www.cve.org/CVERecord
samba	www.samba.org/samba/security/CVE-2016-2125.html

13 May 2026 01:52Current

7.1High risk

Vulners AI Score7.1

CVSS 23.3

CVSS 3.16.5

CVSS 36.4

EPSS0.08663

Samba Kerberos forwardable tickets privilege delegation impersonation trusted realms