#VU241 Man-in-the-middle attack in Samba


Published: 2016-07-29 | Updated: 2018-11-22

Vulnerability identifier: #VU241

Vulnerability risk: High

CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2118

CWE-ID: CWE-300

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description
The vulnerability allows a remote attacker to gain elevated privileges on the system.

The vulnerability exists due to the acceptance of inadequate authentication levels by the Microsoft Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols. A remote attacker can gain elevated privileges on the system by using man-in-the-middle techniques to impersonate an authenticated user against the SAMR or LSAD service and gain access to the Security Account Manager (SAM) database.

Successful exploitation of this vulnerability may result in disclosere of sytem information.

Mitigation
Install Samba 4.4.2, 4.3.8 and 4.2.11

Vulnerable software versions

Samba: 3.6.0

External links
http://www-01.ibm.com/support/docview.wss?uid=swg21986595
http://www.samba.org/samba/security/CVE-2016-2118.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Man-in-the-middle attack in HPE Systems Insight Manager
Multiple vulnerabilities in HPE HP-UX running CIFS Server (Samba)
Ubuntu update for Samba
Ubuntu update for Samba
Ubuntu update for Samba
Ubuntu update for libsoup
Arch Linux update for samba
Multiple vulnerabilities in IBM ProtecTIER
Ubuntu update for Samba
Slackware Linux update for samba