RHEL 5 : samba3x (RHSA-2016:0613)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0613 advisory. - samba: crash in dcesrvauthbindack due to missing error check CVE-2015-5370 - samba: Man-in-the-middle attacks possible with NTLMSSP...

samba: Smb signing not required by default when smb client connection is used for ipc usage

It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...