Man-in-the-middle attack in Samba - CVE-2016-2118
Published: July 29, 2016 / Updated: November 22, 2018
Vulnerability identifier: #VU241
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-2118
CWE-ID: CWE-300
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Samba
Samba
Software vendor:
Samba
Samba
Description
The vulnerability allows a remote attacker to gain elevated privileges on the system.
The vulnerability exists due to the acceptance of inadequate authentication levels by the Microsoft Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols. A remote attacker can gain elevated privileges on the system by using man-in-the-middle techniques to impersonate an authenticated user against the SAMR or LSAD service and gain access to the Security Account Manager (SAM) database.
Successful exploitation of this vulnerability may result in disclosere of sytem information.
The vulnerability exists due to the acceptance of inadequate authentication levels by the Microsoft Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols. A remote attacker can gain elevated privileges on the system by using man-in-the-middle techniques to impersonate an authenticated user against the SAMR or LSAD service and gain access to the Security Account Manager (SAM) database.
Successful exploitation of this vulnerability may result in disclosere of sytem information.
Remediation
Install Samba 4.4.2, 4.3.8 and 4.2.11