Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-2118

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."

Related bugs and status

CVE-2016-2118 (Candidate) is related to these bugs:

Bug #1566348: Patch the Badlock bug in the initial release of Ubuntu 16.04

Summary				In	Importance	Status
	1566348	Patch the Badlock bug in the initial release of Ubuntu 16.04		samba (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.samba.org/...
CONFIRM: https://kb.pulsesecure...
UBUNTU: USN-2950-5
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://h20566.www2.hp...
CONFIRM: http://www.oracle.com/...
BID: 86002
CONFIRM: https://access.redhat....
CONFIRM: https://www.samba.org/...
REDHAT: RHSA-2016:0611
REDHAT: RHSA-2016:0613
REDHAT: RHSA-2016:0614
REDHAT: RHSA-2016:0618
REDHAT: RHSA-2016:0619
REDHAT: RHSA-2016:0620
REDHAT: RHSA-2016:0621
REDHAT: RHSA-2016:0623
REDHAT: RHSA-2016:0624
REDHAT: RHSA-2016:0625
REDHAT: RHSA-2016:0612
UBUNTU: USN-2950-3
UBUNTU: USN-2950-4
MISC: http://badlock.org/
CONFIRM: https://bto.bluecoat.c...
CONFIRM: https://www.samba.org/...
DEBIAN: DSA-3548
FEDORA: FEDORA-2016-383fce04e2
FEDORA: FEDORA-2016-48b3761baa
FEDORA: FEDORA-2016-be53260726
SUSE: SUSE-SU-2016:1022
SUSE: SUSE-SU-2016:1023
SUSE: SUSE-SU-2016:1024
SUSE: SUSE-SU-2016:1028
SUSE: openSUSE-SU-2016:1025
SUSE: openSUSE-SU-2016:1064
SUSE: openSUSE-SU-2016:1106
SUSE: openSUSE-SU-2016:1107
UBUNTU: USN-2950-1
UBUNTU: USN-2950-2
CERT-VN: VU#813296
SECTRACK: 1035533
GENTOO: GLSA-201612-47
SLACKWARE: SSA:2016-106-02
CONFIRM: https://kb.netapp.com/...
CONFIRM: https://help.ecostruxu...