CVE-2016-2114
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.
Affected products
n/a · n/a
References
http://badlock.org/
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://rhn.redhat.com/errata/RHSA-2016-0612.html
http://rhn.redhat.com/errata/RHSA-2016-0614.html
http://rhn.redhat.com/errata/RHSA-2016-0618.html
http://rhn.redhat.com/errata/RHSA-2016-0620.html
https://bto.bluecoat.com/security-advisory/sa122
https://security.gentoo.org/glsa/201612-47