Vulnerability identifier: #VU6628

Vulnerability risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2125

CWE-ID: CWE-287

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description
The vulnerability allows a remote attacker on the local network to bypass Kerberos authentication.

The vulnerability exists due to design error when implementing Kerberos authentication. An attacker with access to local network can place a fake Samba server, intercept a valid general purpose Kerberos "Ticket Granting Ticket" (TGT) and fully impersonate the authenticated user or service.

Successful exploitation of the vulnerability may allow an attacker to bypass authentication process and gain access to otherwise restricted resources and services.

Mitigation
The vulnerability is patched in versions 4.5.3, 4.4.8 and 4.3.13.

Vulnerable software versions

Samba: 3.0.25 - 3.0.37, 3.1.0, 3.2.0 - 3.2.15, 3.3.0 - 3.3.16, 3.4.0 - 3.4.17, 3.5.0 - 3.5.22, 3.6.0 - 3.6.25, 4.0.0 - 4.0.26, 4.1.0 - 4.1.23, 4.2.0 - 4.2.14, 4.3.0 - 4.3.12, 4.4.0 - 4.4.13, 4.5.0 - 4.5.2

---

External links
http://www.samba.org/samba/security/CVE-2016-2125.html

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.