FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- client side SMB2/3 required signing can be downgraded

Affected packages
4.0.0	<=	samba4	<=	4.0.26
4.1.0	<=	samba41	<=	4.1.23
4.2.0	<=	samba42	<	4.2.14
4.3.0	<=	samba43	<	4.3.11
4.4.0	<=	samba44	<	4.4.5

Details

VuXML ID	4729c849-4897-11e6-b704-000c292e4fd8
Discovery	2016-07-07
Entry	2016-07-13

Samba team reports:

A man in the middle attack can disable client signing over SMB2/3, even if enforced by configuration parameters.

[source]

References

CVE Name	CVE-2016-2119
URL	https://www.samba.org/samba/security/CVE-2016-2119.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.