CVE-2016-2118 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2016-2118?

CVE-2016-2118 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-2118?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Samba	Samba	>= 3.6.0, < 4.2.10
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	7.0

Related Weaknesses (CWE)

CWE-254

References

http://badlock.org/Technical DescriptionThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0611.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0612.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0613.htmlThird Party Advisory

FAQ

What is CVE-2016-2118?

CVE-2016-2118 is a vulnerability with a CVSS score of 7.5 (HIGH). The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers t...

How severe is CVE-2016-2118?

CVE-2016-2118 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2118?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Canonical Ubuntu Linux, Debian Debian Linux.