Andreas Schneider

Researcher at Samba team
#21002 of 53,635
11.8 total CVSS
Vulnerabilities · 2
Medium
2
PT-2023-8786
5.9
2023-07-19
Samba · Samba · CVE-2023-3347
**Name of the Vulnerable Software and Affected Versions**
Samba (affected versions not specified)

**Description**
A vulnerability was found in Samba's SMB2 packet signing mechanism. SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2016-4413
5.9
2016-02-23
Libssh2 · Libssh2 · CVE-2016-0787
**Name of the Vulnerable Software and Affected Versions**
libssh2 versions prior to 1.7.0

**Description**
The issue arises from a "bits/bytes confusion bug" in the diffie_hellman_sha256 function, which improperly truncates secrets to 128 or 256 bits. This makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions.

**Recommendations**
For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider restricting SSH sessions to minimize the risk of exploitation.