Lucene search
K

28 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.4 views

SUSE CVE-2016-2114

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream...

5.9CVSS6.6AI score0.02601EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:42 a.m.3 views

SUSE CVE-2017-12150

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text...

8CVSS7.4AI score0.13228EPSS
Exploits0References10
OSV
OSV
added 2016/04/25 12:59 a.m.1 views

DEBIAN-CVE-2016-2114

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream...

5.9CVSS9AI score0.02601EPSS
Exploits0References1
OSV
OSV
added 2016/04/25 12:59 a.m.6 views

CVE-2016-2114

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream...

5.9CVSS7.3AI score0.02601EPSS
Exploits0References25
ALT Linux
ALT Linux
added 2016/04/12 12:0 a.m.46 views

Security fix for the ALT Linux 10 package samba version 4.4.2-alt1

April 12, 2016 Andrey Cherepanov 4.4.2-alt1 - New version - Security fixes: - CVE-2015-5370 Multiple errors in DCE-RPC code - CVE-2016-2110 Man in the middle attacks possible with NTLMSSP - CVE-2016-2111 NETLOGON Spoofing Vulnerability - CVE-2016-2112 LDAP client and server don't enforce integrit...

6.8CVSS6.1AI score0.3693EPSS
Exploits0
Samba
Samba
added 2016/04/12 12:0 a.m.641 views

"server signing = mandatory" not enforced

Description Due to a regression introduced in Samba 4.0.0, an explicit "server signing = mandatory" in the global section of the smb.conf was not enforced for clients using the SMB1 protocol. As a result it does not enforce smb signing and allows man in the middle attacks. This problem applies to...

5.9CVSS6.8AI score0.02601EPSS
Exploits0
ALT Linux
ALT Linux
added 2016/04/12 12:0 a.m.47 views

Security fix for the ALT Linux 8 package samba version 4.4.2-alt1

April 12, 2016 Andrey Cherepanov 4.4.2-alt1 - New version - Security fixes: - CVE-2015-5370 Multiple errors in DCE-RPC code - CVE-2016-2110 Man in the middle attacks possible with NTLMSSP - CVE-2016-2111 NETLOGON Spoofing Vulnerability - CVE-2016-2112 LDAP client and server don't enforce integrit...

6.8CVSS6.2AI score0.3693EPSS
Exploits0
OSV
OSV
added 2016/04/12 12:0 a.m.2 views

UBUNTU-CVE-2016-2114

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream...

5.9CVSS6.8AI score0.02601EPSS
Exploits0References4
Rows per page
Query Builder