Home > Vulnerability Database > CVE-2016-2112

Mend.io Vulnerability Database

CVE-2016-2112

Good to know:

Date: April 24, 2016

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

Language: C

Severity Score

5.9

Related Resources (42)

Url: http://www.debian.org/security/2016/dsa-3548

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-2112

Url: http://rhn.redhat.com/errata/RHSA-2016-0612.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html

Url: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

Url: http://rhn.redhat.com/errata/RHSA-2016-0620.html

Url: http://www.ubuntu.com/usn/USN-2950-5

Url: http://www.ubuntu.com/usn/USN-2950-4

Url: http://www.ubuntu.com/usn/USN-2950-3

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html

Url: https://www.samba.org/samba/latest_news.html#4.4.2

Url: http://www.ubuntu.com/usn/USN-2950-2

Url: http://www.ubuntu.com/usn/USN-2950-1

Url: http://badlock.org/

Url: https://access.redhat.com/security/cve/CVE-2016-2112

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html

Url: http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

Url: https://www.samba.org/samba/history/samba-4.2.10.html

Url: http://rhn.redhat.com/errata/RHSA-2016-0618.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html

Url: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964

Url: http://rhn.redhat.com/errata/RHSA-2016-0619.html

Url: https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821

Url: http://rhn.redhat.com/errata/RHSA-2016-0611.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html

Url: https://security-tracker.debian.org/tracker/CVE-2016-2112

Url: http://rhn.redhat.com/errata/RHSA-2016-0614.html

Url: http://rhn.redhat.com/errata/RHSA-2016-0624.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

Url: https://bto.bluecoat.com/security-advisory/sa122

Url: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012

Url: http://www.securitytracker.com/id/1035533

Url: https://security.gentoo.org/glsa/201612-47

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2112

Url: http://rhn.redhat.com/errata/RHSA-2016-0613.html

Url: https://www.samba.org/samba/security/CVE-2016-2112.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html

Url: https://www.mend.io/vulnerability-database/CVE-2016-2112

Severity Score

5.9

Weakness Type (CWE)

Security Features

CWE-254

Top Fix

Upgrade Version

Upgrade to version 4.2.11,4.3.8,4.4.2

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-2112

Good to know:

Date: April 24, 2016

Language: C

Severity Score

Related Resources (42)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?