CVE-2016-2124

First published: Wed Nov 03 2021(Updated: )

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Samba Samba	>=3.0.0<4.13.14
Samba Samba	>=4.14.0<4.14.10
Samba Samba	>=4.15.0<4.15.2
Debian Debian Linux	=9.0
Debian Debian Linux	=10.0
Fedoraproject Fedora	=33
Fedoraproject Fedora	=34
Fedoraproject Fedora	=35
Redhat Codeready Linux Builder
Redhat Gluster Storage	=3.0
Redhat Gluster Storage	=3.5
Redhat Openstack	=13
Redhat Openstack	=16.1
Redhat Openstack	=16.2
Redhat Virtualization Host	=4.0
Redhat Enterprise Linux	=7.0
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Eus	=8.2
Redhat Enterprise Linux Eus	=8.4
Redhat Enterprise Linux For Ibm Z Systems	=7.0
Redhat Enterprise Linux For Ibm Z Systems	=8.0
Redhat Enterprise Linux For Ibm Z Systems Eus	=8.2
Redhat Enterprise Linux For Ibm Z Systems Eus	=8.4
Redhat Enterprise Linux For Power Big Endian	=7.0
Redhat Enterprise Linux For Power Little Endian	=7.0
Redhat Enterprise Linux For Power Little Endian	=8.0
Redhat Enterprise Linux For Power Little Endian Eus	=8.2
Redhat Enterprise Linux For Power Little Endian Eus	=8.4
Redhat Enterprise Linux For Scientific Computing	=7.0
Redhat Enterprise Linux Resilient Storage	=7.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=8.2
Redhat Enterprise Linux Server Aus	=8.4
Redhat Enterprise Linux Server Tus	=8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions	=8.2
Redhat Enterprise Linux Server Update Services For Sap Solutions	=8.4
Redhat Enterprise Linux Tus	=8.2
Redhat Enterprise Linux Workstation	=7.0
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=20.04
Canonical Ubuntu Linux	=21.04
Canonical Ubuntu Linux	=21.10
redhat/samba	<0:4.10.16-17.el7_9	0:4.10.16-17.el7_9
redhat/samba	<0:4.14.5-7.el8_5	0:4.14.5-7.el8_5
redhat/samba	<0:4.11.2-18.el8_2	0:4.11.2-18.el8_2
redhat/samba	<0:4.13.3-8.el8_4	0:4.13.3-8.el8_4
redhat/samba	<0:4.11.6-114.el7	0:4.11.6-114.el7
redhat/samba	<0:4.14.5-204.el8	0:4.14.5-204.el8
redhat/samba	<4.15.2	4.15.2
redhat/samba	<4.14.10	4.14.10
redhat/samba	<4.13.14	4.13.14
ubuntu/samba	<2:4.7.6+dfsg~ubuntu-0ubuntu2.26	2:4.7.6+dfsg~ubuntu-0ubuntu2.26
ubuntu/samba	<2:4.13.14+dfsg-0ubuntu0.20.04.1	2:4.13.14+dfsg-0ubuntu0.20.04.1
ubuntu/samba	<2:4.13.14+dfsg-0ubuntu0.21.04.1	2:4.13.14+dfsg-0ubuntu0.21.04.1
ubuntu/samba	<2:4.13.14+dfsg-0ubuntu0.21.10.1	2:4.13.14+dfsg-0ubuntu0.21.10.1
ubuntu/samba	<2:4.13.14+dfsg-0ubuntu1	2:4.13.14+dfsg-0ubuntu1
ubuntu/samba	<2:4.13.14+dfsg-0ubuntu1	2:4.13.14+dfsg-0ubuntu1
ubuntu/samba	<2:4.13.14+dfsg-0ubuntu1	2:4.13.14+dfsg-0ubuntu1
ubuntu/samba	<2:4.13.14+dfsg-0ubuntu1	2:4.13.14+dfsg-0ubuntu1
ubuntu/samba	<4.13.14	4.13.14
debian/samba	<=2:4.9.5+dfsg-5+deb10u3	2:4.9.5+dfsg-5+deb10u5 2:4.13.13+dfsg-1~deb11u5 2:4.13.13+dfsg-1~deb11u6 2:4.17.12+dfsg-0+deb12u1 2:4.19.5+dfsg-1 2:4.19.6+dfsg-1

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=2019660

Remedy

Ensure the following [global] smb.conf parameters are set to their default values as shown below: ~~~ client lanman auth = no client NTLMv2 auth = yes client plaintext auth = no client min protocol = SMB2_02 ~~~ Or use the '-k' command line option only without the -U option, which will make use of an existing krb5 ccache.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

collector/nvd-api
collector/redhat-cve
collector/nvd-index
agent/type
agent/last-modified-date
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-2124
agent/event
agent/description
agent/author
agent/tags
agent/severity
agent/weakness
agent/remedy
agent/references
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/samba
canonical/samba samba
version/samba samba/3.0.0
version/samba samba/4.14.0
version/samba samba/4.15.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
version/debian debian linux/10.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/33
version/fedoraproject fedora/34
version/fedoraproject fedora/35
vendor/redhat
canonical/redhat codeready linux builder
canonical/redhat gluster storage
version/redhat gluster storage/3.0
version/redhat gluster storage/3.5
canonical/redhat openstack
version/redhat openstack/13
version/redhat openstack/16.1
version/redhat openstack/16.2
canonical/redhat virtualization host
version/redhat virtualization host/4.0
canonical/redhat enterprise linux
version/redhat enterprise linux/7.0
version/redhat enterprise linux/8.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/8.2
version/redhat enterprise linux eus/8.4
canonical/redhat enterprise linux for ibm z systems
version/redhat enterprise linux for ibm z systems/7.0
version/redhat enterprise linux for ibm z systems/8.0
canonical/redhat enterprise linux for ibm z systems eus
version/redhat enterprise linux for ibm z systems eus/8.2
version/redhat enterprise linux for ibm z systems eus/8.4
canonical/redhat enterprise linux for power big endian
version/redhat enterprise linux for power big endian/7.0
canonical/redhat enterprise linux for power little endian
version/redhat enterprise linux for power little endian/7.0
version/redhat enterprise linux for power little endian/8.0
canonical/redhat enterprise linux for power little endian eus
version/redhat enterprise linux for power little endian eus/8.2
version/redhat enterprise linux for power little endian eus/8.4
canonical/redhat enterprise linux for scientific computing
version/redhat enterprise linux for scientific computing/7.0
canonical/redhat enterprise linux resilient storage
version/redhat enterprise linux resilient storage/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/8.2
version/redhat enterprise linux server aus/8.4
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/8.4
canonical/redhat enterprise linux server update services for sap solutions
version/redhat enterprise linux server update services for sap solutions/8.2
version/redhat enterprise linux server update services for sap solutions/8.4
canonical/redhat enterprise linux tus
version/redhat enterprise linux tus/8.2
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/20.04
version/canonical ubuntu linux/21.04
version/canonical ubuntu linux/21.10
package-manager/redhat
package-manager/debian
package-manager/ubuntu

CVE-2016-2124

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact