Vulnerability Details : CVE-2016-2118
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
Exploit prediction scoring system (EPSS) score for CVE-2016-2118
Probability of exploitation activity in the next 30 days: 3.21%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-2118
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
NIST |
CWE ids for CVE-2016-2118
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2118
-
https://www.samba.org/samba/latest_news.html#4.4.2
Samba - Latest NewsVendor Advisory
-
https://www.samba.org/samba/security/CVE-2016-2118.html
Samba - Security Announcement ArchiveVendor Advisory
-
https://security.gentoo.org/glsa/201612-47
Samba: Multiple vulnerabilities (GLSA 201612-47) — Gentoo securityThird Party Advisory
-
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
StruxureWare Data Center Operation Software Vulnerability Fixes - User Assistance for StruxureWare Data Center Operation 8 - Help Center: Support for EcoStruxure IT, StruxureWare for Data Centers, andThird Party Advisory
-
https://access.redhat.com/security/vulnerabilities/badlock
Badlock Security flaw in Samba - CVE-2016-2118 - Red Hat Customer PortalThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2950-2
USN-2950-2: libsoup update | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
[security-announce] SUSE-SU-2016:1022-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
[SECURITY] Fedora 24 Update: samba-4.4.2-1.fc24Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
[security-announce] openSUSE-SU-2016:1064-1: important: Security updateMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0624.html
RHSA-2016:0624 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
The Slackware Linux Project: Slackware Security AdvisoriesMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2950-4
USN-2950-4: Samba regressions | Ubuntu security noticesThird Party Advisory
-
http://www.securityfocus.com/bid/86002
Samba CVE-2016-2118 Man in the Middle Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
http://rhn.redhat.com/errata/RHSA-2016-0612.html
RHSA-2016:0612 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
[security-announce] SUSE-SU-2016:1023-1: important: Security update forMailing List;Third Party Advisory
-
https://www.samba.org/samba/history/samba-4.2.10.html
Samba - Release Notes ArchiveThird Party Advisory
-
http://badlock.org/
Open Source SMB & ADTechnical Description;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
[SECURITY] Fedora 22 Update: samba-4.2.11-0.fc22Mailing List;Third Party Advisory
-
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40196
Pulse Security Advisory: SA40196 - [Pulse Secure] Badlock security advisory (CVE-2016-2118)Third Party Advisory
-
https://bto.bluecoat.com/security-advisory/sa122
SA122 : SMB Vulnerabilities in Windows and Samba (Badlock)Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Oracle Linux Bulletin - April 2016Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
[security-announce] SUSE-SU-2016:1028-1: important: Security update forMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0613.html
RHSA-2016:0613 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0611.html
RHSA-2016:0611 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
[security-announce] openSUSE-SU-2016:1106-1: important: Security updateMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
[security-announce] SUSE-SU-2016:1024-1: important: Security update forMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0619.html
RHSA-2016:0619 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0614.html
RHSA-2016:0614 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0621.html
RHSA-2016:0621 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.debian.org/security/2016/dsa-3548
Debian -- Security Information -- DSA-3548-1 sambaThird Party Advisory
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized AccessThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0625.html
RHSA-2016:0625 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0618.html
RHSA-2016:0618 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0623.html
RHSA-2016:0623 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.kb.cert.org/vuls/id/813296
VU#813296 - Microsoft Windows and Samba may allow spoofing of authenticated users ("Badlock")Third Party Advisory;US Government Resource
-
http://rhn.redhat.com/errata/RHSA-2016-0620.html
RHSA-2016:0620 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182
HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote VulnerabilitiesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
[security-announce] openSUSE-SU-2016:1025-1: important: Security updateMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2950-5
USN-2950-5: Samba regression | Ubuntu security noticesThird Party Advisory
-
https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products
SMB Vulnerabilities in Multiple NetApp Products | NetApp Product SecurityThird Party Advisory
-
http://www.securitytracker.com/id/1035533
Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/USN-2950-3
USN-2950-3: Samba regressions | Ubuntu security noticesThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
[SECURITY] Fedora 23 Update: samba-4.3.8-0.fc23Mailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2950-1
USN-2950-1: Samba vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
[security-announce] openSUSE-SU-2016:1107-1: important: Security updateMailing List;Third Party Advisory
Products affected by CVE-2016-2118
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*