CVE-2016-2125

Description

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
• v3.0•MEDIUM•Score: 6.4CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
• v2.0•LOW•Score: 3.3AV:A/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 8.66%• Percentile: 93%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

• CWE-287•Improper Authentication

  When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Systems

• redhat•enterprise_linux_desktop

  6.0 | 7.0

• redhat•enterprise_linux_server

  6.0 | 7.0

• redhat•enterprise_linux_server_aus

  7.4 | 7.6

• redhat•enterprise_linux_server_eus

  7.3 | 7.4 | 7.5 | 7.6

• redhat•enterprise_linux_server_tus

  7.3 | 7.6

• redhat•enterprise_linux_workstation

  6.0 | 7.0

• redhat•gluster_storage

  3.0

• samba•samba

  ≥ 3.0.25, < 4.3.13 | ≥ 4.4.0, < 4.4.8 | ≥ 4.5.0, < 4.5.3

• [unknown]•samba

  4.5.3 | 4.4.8 | 4.3.13

References (9)

• http://rhn.redhat.com/errata/RHSA-2017-0495.html
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125
• http://rhn.redhat.com/errata/RHSA-2017-0494.html
• http://www.securitytracker.com/id/1037494
• https://access.redhat.com/errata/RHSA-2017:1265
• http://www.securityfocus.com/bid/94988
• https://www.samba.org/samba/security/CVE-2016-2125.html
• http://rhn.redhat.com/errata/RHSA-2017-0744.html
• http://rhn.redhat.com/errata/RHSA-2017-0662.html