MGASA-2016-0431

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2016-2125

Published: 30 Dec 2016, 15:00

Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

30 Dec 2016, 15:00

Published

Vulnerability first disclosed

16 Apr 2026, 06:24

Last Modified

Vulnerability information updated

Description

Updated samba packages fix security vulnerability Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" (TGT), which can be used to fully impersonate the authenticated user or service (CVE-2016-2125).

Affected Systems

mageia•samba
< 3.6.25-2.6.mga5

References (3)

https://advisories.mageia.org/MGASA-2016-0431.html
https://bugs.mageia.org/show_bug.cgi?id=19985
https://www.samba.org/samba/security/CVE-2016-2125.html