CVE-2016-2124
Publication date 9 November 2021
Last updated 24 July 2024
Ubuntu priority
CVSS 3 Severity Score
A flaw was found in the way Samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire, even if Kerberos authentication was required.
Status
Package | Ubuntu Release | Status |
---|---|---|
samba | 24.10 oracular | Fixed 2:4.13.14+dfsg-0ubuntu1 |
samba | 24.04 LTS noble | Fixed 2:4.13.14+dfsg-0ubuntu1 |
samba | 22.04 LTS jammy | Fixed 2:4.13.14+dfsg-0ubuntu1 |
samba | 20.04 LTS focal | Fixed 2:4.13.14+dfsg-0ubuntu0.20.04.1 |
samba | 18.04 LTS bionic | Fixed 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 |
samba | 16.04 LTS xenial | Vulnerable |
samba | 14.04 LTS trusty | Vulnerable |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.9 · Medium |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-5142-1: Samba vulnerabilities (11 November 2021)
- USN-5174-1: Samba vulnerabilities (6 December 2021)