Detections
Analytics

Samba 4.2.x < 4.2.14 / 4.3.x < 4.3.11 / 4.4.x < 4.4.5 MitM

medium Nessus Network Monitor Plugin ID 9823

Synopsis

The remote host is running a version of Samba server that is affected by a MitM (Man-in-the-Middle) attack vector.

Description

According to its banner, the version of Samba running on the remote host is 4.2.x prior to 4.2.14, 4.3.x prior to 4.3.11, or 4.4.x prior to 4.4.5. Therefore, it is affected by a flaw within 'libcli/smb/smbXcli_base.c' that is triggered when handling SMB2/3 client connections. This may allow a MitM attacker to downgrade the required signing for a SMB2/3 client connection.

Solution

Upgrade Samba to version 4.4.5 or later. If version 4.4.x cannot be obtained, versions 4.3.11, and 4.2.14 are also patched for these issues.

See Also

https://www.samba.org/samba/security/CVE-2016-2119.html

Plugin Details

Severity: Medium

ID: 9823

Family: Samba

Published: 12/9/2016

Updated: 3/6/2019

Nessus ID: 91976

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Patch Publication Date: 7/7/2016

Vulnerability Publication Date: 7/7/2016

Reference Information

CVE: CVE-2016-2119

BID: 91700