Improper authentication in Samba - CVE-2016-2125
Published: May 23, 2017 / Updated: May 23, 2017
Vulnerability identifier: #VU6628
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-2125
CWE-ID: CWE-287
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Samba
Affected software:
Samba
Samba
Detailed vulnerability description
The vulnerability allows a remote attacker on the local network to bypass Kerberos authentication.
The vulnerability exists due to design error when implementing Kerberos authentication. An attacker with access to local network can place a fake Samba server, intercept a valid general purpose Kerberos "Ticket Granting Ticket" (TGT) and fully impersonate the authenticated user or service.
Successful exploitation of the vulnerability may allow an attacker to bypass authentication process and gain access to otherwise restricted resources and services.
The vulnerability exists due to design error when implementing Kerberos authentication. An attacker with access to local network can place a fake Samba server, intercept a valid general purpose Kerberos "Ticket Granting Ticket" (TGT) and fully impersonate the authenticated user or service.
Successful exploitation of the vulnerability may allow an attacker to bypass authentication process and gain access to otherwise restricted resources and services.
How to mitigate CVE-2016-2125
The vulnerability is patched in versions 4.5.3, 4.4.8 and 4.3.13.