PT-2016-5022 · Samba Team+6 · Samba+5

Huzaifa S. Sidhpurwala

Published

2016-12-19

Updated

2024-06-15

CVE-2016-2125

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.5.3 Samba versions prior to 4.4.8 Samba versions prior to 4.3.13

Description The issue allows attackers to impersonate the authenticated user or service using a forwardable Kerberos "Ticket Granting Ticket" (TGT) when Samba uses Kerberos authentication. This occurs because Samba always requested forwardable tickets. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

Recommendations For versions prior to 4.5.3, update to version 4.5.3 or later. For versions prior to 4.4.8, update to version 4.4.8 or later. For versions prior to 4.3.13, update to version 4.3.13 or later.

Exploit

Fix

RCE

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-287

Related Identifiers

ALT-PU-2016-2465

ALT-PU-2016-2466

ALT-PU-2018-2488

ALT-PU-2018-2489

AZL-44208

CESA-2017_0662

CESA-2017_0744

CESA-2017_1265

CVE-2016-2125

DLA-776-1

DSA-3740-1

ECHO-E6B5-3B2A-9C32

MGASA-2016-0431

OPENSUSE-SU-2024:11365-1

RHSA-2017:0494

RHSA-2017:0495

RHSA-2017:0662

RHSA-2017:0744

RHSA-2017:1265

RHSA-2017_0662

RHSA-2017_0744

RHSA-2017_1265

SUSE-SU-2016:3271-1

SUSE-SU-2016:3272-1

SUSE-SU-2016:3298-1

SUSE-SU-2016:3299-1

SUSE-SU-2016:3300-1

SUSE-SU-2016_3298-1

SUSE-SU-2016_3300-1

USN-3158-1

Affected Products

Alt Linux

Centos

Red Hat

Samba

Suse

Ubuntu

PT-2016-5022 · Samba Team+6 · Samba+5

CVE-2016-2125

Weakness Enumeration

Related Identifiers

Affected Products

References · 130