CVE-2015-5296

Published: Dec 29, 2015Modified: May 6, 2026

5.4

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Exploitability: 2.2 / Impact: 2.7

Source: NVD

Description

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.

Affected (9)

Products: Samba: Samba · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Samba Samba	From 3.2.0 to 4.1.22
Samba Samba	From 4.2.0 to 4.2.7
Samba Samba	From 4.3.0 to 4.3.3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.04
Canonical Ubuntu Linux	Version 15.10

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (50)

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.debian.org/security/2016/dsa-3433

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/79732

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034493

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2855-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2855-2

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1290292

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=1ba49b8f389eda3414b14410c7fbcb4041ca06b1

Source: secalert@redhat.com

https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a819d2b440aafa3138d95ff6e8b824da885a70e9

Source: secalert@redhat.com

https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=d724f835acb9f4886c0001af32cd325dbbf1f895

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

Source: secalert@redhat.com

Third Party Advisory

https://security.gentoo.org/glsa/201612-47

Source: secalert@redhat.com

Third Party Advisory

https://www.samba.org/samba/security/CVE-2015-5296.html

Source: secalert@redhat.com

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html