CVE-2016-2111

Loading...

General

Score:4.3/10.0
Severity:Low
Category:Implementation Error

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:None

Exploitability Metrics

Access Vector:Adjacent Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2008-1105, CVE-2008-3789, CVE-2008-4314, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948, CVE-2009-3297, CVE-2010-0728, CVE-2010-3069, CVE-2011-0719, CVE-2011-2522, CVE-2011-2694, CVE-2012-0817, CVE-2012-1182, CVE-2012-2111, CVE-2012-6150, CVE-2013-0172, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2013-6442, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2014-3560, CVE-2015-0240, CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-5370, CVE-2015-7560, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, CVE-2016-2119, CVE-2016-2125, CVE-2016-2126, CVE-2017-12150, CVE-2017-12151, CVE-2017-12163, CVE-2017-14746, CVE-2017-15275, CVE-2017-2619, CVE-2017-7494, CVE-2018-1050, CVE-2018-10858, CVE-2018-1139

Published on 25/04/16 - Updated on 31/12/16

Description

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.

Category: Implementation Error

CWE-254 (Security Features)
Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.

Security Notices

US National Vulnerability DatabaseCVE-2016-2111
Amazon Linux ALAS-2016-686
Arch Linux ASA-201604-13
CentOS CESA-2016:0611, CESA-2016:0612, CESA-2016:0613, CESA-2016:0621
Debian DSA-3548-1
Oracle Linux ELSA-2016-0611, ELSA-2016-0613, ELSA-2016-0621, ELSA-2017-0662, ELSA-2018-1860, ELSA-2018-3056
Redhat RHSA-2016:0611, RHSA-2016:0612, RHSA-2016:0613, RHSA-2016:0614, RHSA-2016:0618, RHSA-2016:0619, RHSA-2016:0620, RHSA-2016:0621, RHSA-2016:0623, RHSA-2016:0624, RHSA-2016:0625
Renater 2016/VULN153
SUSE SUSE-SU-2016:1022, SUSE-SU-2016:1023, SUSE-SU-2016:1024, SUSE-SU-2016:1028, SUSE-SU-2016:1105
Ubuntu USN-2950-1, USN-2950-2, USN-2950-2, USN-2950-3, USN-2950-4, USN-2950-5

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
canonicalubuntu_linux
sambasamba

Share this vulnerability with:

Twitter Facebook LinkedIn Mail