Back to search
CVE-2016-2125
Published: Oct 31, 2018
Modified: Aug 5, 2024
PUBLISHED
CVSS v3.0
6.4
MEDIUM
Description
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
| Vendor | Product | Versions |
|---|---|---|
[UNKNOWN] | samba | affected 4.5.3affected 4.4.8affected 4.3.13 |
Weaknesses (CWE)
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
References
RHSA-2017:0495
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125
x_refsource_CONFIRM
RHSA-2017:0494
vendor-advisory
x_refsource_REDHAT
1037494
vdb-entry
x_refsource_SECTRACK
RHSA-2017:1265
vendor-advisory
x_refsource_REDHAT
94988
vdb-entry
x_refsource_BID
https://www.samba.org/samba/security/CVE-2016-2125.html
x_refsource_CONFIRM
RHSA-2017:0744
vendor-advisory
x_refsource_REDHAT
RHSA-2017:0662
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now