PT-2016-3331 · Samba Team+6 · Samba+5
Stefan Metzmacher · Published 2015-04-01 · Updated 2024-06-15 · CVE-2016-2112
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Samba versions 3.x through 4.4.1
Samba versions 4.3.x through 4.3.7
Samba versions 4.2.x through 4.2.10
Description
The LDAP client library bundled with the Samba networking software package has a weakness in its security handling that a remote attacker can exploit to affect data integrity. Specifically, the library does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
Recommendations
For Samba versions 3.x through 4.4.1, update to version 4.4.2 or later.
For Samba versions 4.3.x through 4.3.7, update to version 4.3.8 or later.
For Samba versions 4.2.x through 4.2.10, update to version 4.2.11 or later.
As a temporary workaround, consider disabling the LDAP client library until a patch is available. Restrict access to the vulnerable LDAP protocol to minimize the risk of exploitation. Avoid using the "client ldap sasl wrapping" setting in the affected Samba configuration until the issue is resolved.
Affected products
ALT Linux
CentOS
Red Hat
Samba
SUSE
Ubuntu