7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.3%
Stefan Metzmacher discovered that Samba incorrectly handled certain flags
in SMB2/3 client connections. A remote attacker could use this issue to
disable client signing and impersonate servers by performing a
machine-in-the-middle attack.
Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
In addition to the security fix, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 16.04 | noarch | samba | < 2:4.3.11+dfsg-0ubuntu0.16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | ctdb | < 2:4.3.11+dfsg-0ubuntu0.16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | ctdb-dbgsym | < 2:4.3.11+dfsg-0ubuntu0.16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | libnss-winbind | < 2:4.3.11+dfsg-0ubuntu0.16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | libnss-winbind-dbgsym | < 2:4.3.11+dfsg-0ubuntu0.16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | libpam-winbind | < 2:4.3.11+dfsg-0ubuntu0.16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | libpam-winbind-dbgsym | < 2:4.3.11+dfsg-0ubuntu0.16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | libparse-pidl-perl | < 2:4.3.11+dfsg-0ubuntu0.16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | libparse-pidl-perl-dbgsym | < 2:4.3.11+dfsg-0ubuntu0.16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | libsmbclient | < 2:4.3.11+dfsg-0ubuntu0.16.04.1 | UNKNOWN |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.3%