Vulnerability CVE-2016-2125: Information

Description

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-2125

Published: Oct. 31, 2018

Modified: Nov. 7, 2023

Error type identifier: CWE-20

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
samba	sisyphus	4.5.3-alt1.S1	4.20.1-alt2	ALT-PU-2016-2465-1	175127	Fixed
samba	p10	4.5.3-alt1.S1	4.19.6-alt2	ALT-PU-2016-2465-1	175127	Fixed
samba	p9	4.5.3-alt1.S1	4.14.10-alt2	ALT-PU-2016-2465-1	175127	Fixed
samba	p8	4.5.3-alt1.M80P.1	4.9.18-alt1	ALT-PU-2016-2468-1	175128	Fixed
samba	c10f1	4.5.3-alt1.S1	4.16.11-alt2	ALT-PU-2016-2465-1	175127	Fixed
samba	c9f2	4.5.3-alt1.S1	4.14.14-alt0.c9.1	ALT-PU-2016-2465-1	175127	Fixed
samba	c7	4.3.13-alt0.M70C.2	4.6.15-alt1.M70C.1	ALT-PU-2017-1360-1	175473	Fixed
samba	p11	4.5.3-alt1.S1	4.20.1-alt1	ALT-PU-2016-2465-1	175127	Fixed
samba-DC	p8	4.5.3-alt1.M80P.1	4.9.18-alt1	ALT-PU-2016-2469-1	175128	Fixed
samba-DC	c7	4.4.14-alt0.M70C.1	4.6.15-alt1.M70C.1	ALT-PU-2017-1671-1	183462	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.samba.org/samba/security/CVE-2016-2125.html	Mitigation Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125	Mitigation Issue Tracking Third Party Advisory
RHSA-2017:1265	Third Party Advisory
1037494	Third Party Advisory VDB Entry
94988	Third Party Advisory VDB Entry
RHSA-2017:0744	Third Party Advisory
RHSA-2017:0662	Third Party Advisory
RHSA-2017:0495	Third Party Advisory
RHSA-2017:0494	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
  Start including
  4.4.0
  End excliding
  4.4.8
  cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
  Start including
  4.5.0
  End excliding
  4.5.3
  cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
  Start including
  3.0.25
  End excliding
  4.3.13
  
  Configuration 2
  cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2016-2125: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2