CVE-2016-2111

Impact: Moderate
Public Date: 2016-04-12
CWE: CWE-290
Bugzilla: 1311902: CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured

It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine.

Find out more about CVE-2016-2111 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 4.3
Base Metrics: AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Advanced Update Support 6.5 (samba) | RHSA-2016:0619 | 2016-04-12 |
| Red Hat Enterprise Linux Advanced Update Support 6.4 (samba4) | RHSA-2016:0620 | 2016-04-12 |
| Red Hat Enterprise Linux 5 (samba3x) | RHSA-2016:0613 | 2016-04-12 |
| Red Hat Enterprise Linux 7 (samba) | RHSA-2016:0612 | 2016-04-13 |
| Red Hat Enterprise Linux Extended Update Support 7.1 (samba) | RHSA-2016:0618 | 2016-04-13 |
| Red Hat Enterprise Linux Extended Update Support 6.6 (samba) | RHSA-2016:0619 | 2016-04-12 |
| Red Hat Gluster 3 Samba on RHEL-6 (samba) | RHSA-2016:0614 | 2016-04-12 |
| Red Hat Enterprise Linux 6 (samba4) | RHSA-2016:0612 | 2016-04-13 |
| Red Hat Enterprise Linux 6 (samba) | RHSA-2016:0611 | 2016-04-12 |
| Red Hat Gluster 3 Samba on RHEL-7 (samba) | RHSA-2016:0614 | 2016-04-12 |
| Red Hat Gluster Storage Server 3.1 on RHEL-6 (libldb) | RHSA-2016:0614 | 2016-04-12 |
| Red Hat Enterprise Linux Advanced Update Support 6.5 (samba4) | RHSA-2016:0620 | 2016-04-12 |
| Red Hat Enterprise Linux 5 (samba) | RHSA-2016:0621 | 2016-04-12 |
| Red Hat Enterprise Linux Advanced Update Support 6.2 (samba) | RHSA-2016:0619 | 2016-04-12 |
| Red Hat Enterprise Linux Long Life (v. 5.9 server) (samba) | RHSA-2016:0623 | 2016-04-12 |
| Red Hat Enterprise Linux Long Life (v. 5.9 server) (samba3x) | RHSA-2016:0624 | 2016-04-12 |
| Red Hat Enterprise Linux Advanced Update Support 6.4 (samba) | RHSA-2016:0619 | 2016-04-12 |
| Red Hat Enterprise Linux Extended Update Support 6.6 (samba4) | RHSA-2016:0620 | 2016-04-12 |
| Red Hat Enterprise Linux Advanced Update Support 6.2 (samba4) | RHSA-2016:0620 | 2016-04-12 |
| Red Hat Enterprise Linux Long Life (v. 5.6 server) (samba) | RHSA-2016:0623 | 2016-04-12 |
| Red Hat Enterprise Linux Extended Lifecycle Support 4 (samba) | RHSA-2016:0625 | 2016-04-12 |
| Red Hat Enterprise Linux Long Life (v. 5.6 server) (samba3x) | RHSA-2016:0624 | 2016-04-12 |

Acknowledgements

Red Hat would like to thank the Samba project for reporting this issue.
