CVE-2016-2114

Published: Apr 25, 2016Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.

Affected (75)

Products: Samba: Samba · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

72 vulnerable

Vulnerable Software	Affected Versions
Samba Samba	Version 4.0.0
Samba Samba	Version 4.0.10
Samba Samba	Version 4.0.11
Samba Samba	Version 4.0.12
Samba Samba	Version 4.0.13
Samba Samba	Version 4.0.14
Samba Samba	Version 4.0.15
Samba Samba	Version 4.0.16
Samba Samba	Version 4.0.17
Samba Samba	Version 4.0.18
Samba Samba	Version 4.0.19
Samba Samba	Version 4.0.1
Samba Samba	Version 4.0.20
Samba Samba	Version 4.0.21
Samba Samba	Version 4.0.22
Samba Samba	Version 4.0.23
Samba Samba	Version 4.0.24
Samba Samba	Version 4.0.25
Samba Samba	Version 4.0.26
Samba Samba	Version 4.0.2
Samba Samba	Version 4.0.3
Samba Samba	Version 4.0.4
Samba Samba	Version 4.0.5
Samba Samba	Version 4.0.6
Samba Samba	Version 4.0.7
Samba Samba	Version 4.0.8
Samba Samba	Version 4.0.9
Samba Samba	Version 4.1.0
Samba Samba	Version 4.1.10
Samba Samba	Version 4.1.11
Samba Samba	Version 4.1.12
Samba Samba	Version 4.1.13
Samba Samba	Version 4.1.14
Samba Samba	Version 4.1.15
Samba Samba	Version 4.1.16
Samba Samba	Version 4.1.17
Samba Samba	Version 4.1.18
Samba Samba	Version 4.1.19
Samba Samba	Version 4.1.1
Samba Samba	Version 4.1.20
Samba Samba	Version 4.1.21
Samba Samba	Version 4.1.22
Samba Samba	Version 4.1.23
Samba Samba	Version 4.1.2
Samba Samba	Version 4.1.3
Samba Samba	Version 4.1.4
Samba Samba	Version 4.1.5
Samba Samba	Version 4.1.6
Samba Samba	Version 4.1.7
Samba Samba	Version 4.1.8
Samba Samba	Version 4.1.9
Samba Samba	Version 4.2.0 rc1
Samba Samba	Version 4.2.0 rc2
Samba Samba	Version 4.2.0 rc3
Samba Samba	Version 4.2.0 rc4
Samba Samba	Version 4.2.1
Samba Samba	Version 4.2.2
Samba Samba	Version 4.2.3
Samba Samba	Version 4.2.4
Samba Samba	Version 4.2.5
Samba Samba	Version 4.2.6
Samba Samba	Version 4.2.7
Samba Samba	Version 4.2.8
Samba Samba	Version 4.2.9
Samba Samba	Version 4.3.0
Samba Samba	Version 4.3.1
Samba Samba	Version 4.3.2
Samba Samba	Version 4.3.3
Samba Samba	Version 4.3.4
Samba Samba	Version 4.3.5
Samba Samba	Version 4.3.6
Samba Samba	Version 4.4.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04

Related CWEs

References (50)

http://badlock.org/

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-0612.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-0614.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-0618.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-0620.html

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3548

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/86011

Source: secalert@redhat.com

http://www.securitytracker.com/id/1035533

Source: secalert@redhat.com

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2950-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2950-2

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2950-3

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2950-4

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2950-5

Source: secalert@redhat.com

https://bto.bluecoat.com/security-advisory/sa122

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201612-47

Source: secalert@redhat.com

https://www.samba.org/samba/history/samba-4.2.10.html

Source: secalert@redhat.com

https://www.samba.org/samba/latest_news.html#4.4.2

Source: secalert@redhat.com

https://www.samba.org/samba/security/CVE-2016-2114.html

Source: secalert@redhat.com

PatchVendor Advisory

http://badlock.org/

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-0612.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-0614.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-0618.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-0620.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3548

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/86011

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1035533

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2950-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2950-2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2950-3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2950-4

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2950-5

Source: af854a3a-2127-422b-91ae-364da2661108

https://bto.bluecoat.com/security-advisory/sa122

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201612-47

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.samba.org/samba/history/samba-4.2.10.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.samba.org/samba/latest_news.html#4.4.2

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.samba.org/samba/security/CVE-2016-2114.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.