CVE-2016-2124
First published: Wed Nov 03 2021(Updated: )
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/samba | <0:4.10.16-17.el7_9 | 0:4.10.16-17.el7_9 |
| redhat/samba | <0:4.14.5-7.el8_5 | 0:4.14.5-7.el8_5 |
| redhat/samba | <0:4.11.2-18.el8_2 | 0:4.11.2-18.el8_2 |
| redhat/samba | <0:4.13.3-8.el8_4 | 0:4.13.3-8.el8_4 |
| redhat/samba | <0:4.11.6-114.el7 | 0:4.11.6-114.el7 |
| redhat/samba | <0:4.14.5-204.el8 | 0:4.14.5-204.el8 |
| redhat/samba | <4.15.2 | 4.15.2 |
| redhat/samba | <4.14.10 | 4.14.10 |
| redhat/samba | <4.13.14 | 4.13.14 |
| debian/samba | 2:4.13.13+dfsg-1~deb11u6 2:4.17.12+dfsg-0+deb12u1 2:4.21.1+dfsg-2 | |
| Samba | >=3.0.0<4.13.14 | |
| Samba | >=4.14.0<4.14.10 | |
| Samba | >=4.15.0<4.15.2 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 | |
| Red Hat Fedora | =33 | |
| Red Hat Fedora | =34 | |
| Red Hat Fedora | =35 | |
| Red Hat CodeReady Linux Builder | ||
| Red Hat Gluster Storage | =3.0 | |
| Red Hat Gluster Storage | =3.5 | |
| Red Hat OpenStack for IBM Power | =13 | |
| Red Hat OpenStack for IBM Power | =16.1 | |
| Red Hat OpenStack for IBM Power | =16.2 | |
| Red Hat Virtualization Host EUS | =4.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server EUS | =8.2 | |
| Red Hat Enterprise Linux Server EUS | =8.4 | |
| Red Hat Enterprise Linux for IBM Z Systems | =7.0 | |
| Red Hat Enterprise Linux for IBM Z Systems | =8.0 | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.2 | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.4 | |
| Red Hat Enterprise Linux for Power, big endian | =7.0 | |
| Red Hat Enterprise Linux for Power, little endian | =7.0 | |
| Red Hat Enterprise Linux for Power, little endian | =8.0 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.2 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.4 | |
| Red Hat Enterprise Linux for Scientific Computing | =7.0 | |
| Red Hat Enterprise Linux Resilient Storage | =7.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions | =8.2 | |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions | =8.4 | |
| Red Hat Enterprise Linux | =8.2 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| Ubuntu | =18.04 | |
| Ubuntu | =20.04 | |
| Ubuntu | =21.04 | |
| Ubuntu | =21.10 |
Remedy
Ensure the following [global] smb.conf parameters are set to their default values as shown below: ~~~ client lanman auth = no client NTLMv2 auth = yes client plaintext auth = no client min protocol = SMB2_02 ~~~ Or use the '-k' command line option only without the -U option, which will make use of an existing krb5 ccache.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2019660
- https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html
- https://security.gentoo.org/glsa/202309-06
- https://www.samba.org/samba/security/CVE-2016-2124.html
- https://www.cve.org/CVERecord?id=CVE-2016-2124 https://nvd.nist.gov/vuln/detail/CVE-2016-2124 https://www.samba.org/samba/security/CVE-2016-2124.html
- https://access.redhat.com/errata/RHSA-2021:5192
- https://access.redhat.com/errata/RHSA-2021:5082
- https://access.redhat.com/errata/RHSA-2022:0074
- https://access.redhat.com/errata/RHSA-2022:0008
- https://access.redhat.com/errata/RHSA-2021:4844
- https://access.redhat.com/errata/RHSA-2021:4843
- https://access.redhat.com/security/cve/cve-2016-2124
- https://launchpad.net/bugs/cve/CVE-2016-2124
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2021711
- https://bugzilla.samba.org/show_bug.cgi?id=12444
- https://security-tracker.debian.org/tracker/CVE-2016-2124
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2124
- https://nvd.nist.gov/vuln/detail/CVE-2016-2124
- https://ubuntu.com/security/CVE-2016-2124
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2016-2124?
CVE-2016-2124 is classified as a medium severity vulnerability.
How do I fix CVE-2016-2124?
To fix CVE-2016-2124, upgrade Samba to the latest version that is not affected, specifically versions 4.10.16-17.el7_9, 4.14.5-7.el8_5, or later.
What systems are affected by CVE-2016-2124?
CVE-2016-2124 affects multiple versions of the Samba software across Red Hat Enterprise Linux, Debian, and Ubuntu environments.
What types of attacks can exploit CVE-2016-2124?
An attacker can exploit CVE-2016-2124 by downgrading an SMB1 client connection to retrieve plaintext passwords.
Is there a workaround for CVE-2016-2124?
Disabling SMB1 on affected systems can serve as a temporary workaround for CVE-2016-2124 until a complete upgrade is applied.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-2124
- agent/software-canonical-lookup
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/trending
- agent/source
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/samba
- canonical/samba
- version/samba/3.0.0
- version/samba/4.14.0
- version/samba/4.15.0
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- version/debian linux/10.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/33
- version/red hat fedora/34
- version/red hat fedora/35
- vendor/redhat
- canonical/red hat codeready linux builder
- canonical/red hat gluster storage
- version/red hat gluster storage/3.0
- version/red hat gluster storage/3.5
- canonical/red hat openstack for ibm power
- version/red hat openstack for ibm power/13
- version/red hat openstack for ibm power/16.1
- version/red hat openstack for ibm power/16.2
- canonical/red hat virtualization host eus
- version/red hat virtualization host eus/4.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/8.2
- version/red hat enterprise linux server eus/8.4
- canonical/red hat enterprise linux for ibm z systems
- version/red hat enterprise linux for ibm z systems/7.0
- version/red hat enterprise linux for ibm z systems/8.0
- canonical/red hat enterprise linux for ibm z systems (s390x)
- version/red hat enterprise linux for ibm z systems (s390x)/8.2
- version/red hat enterprise linux for ibm z systems (s390x)/8.4
- canonical/red hat enterprise linux for power, big endian
- version/red hat enterprise linux for power, big endian/7.0
- canonical/red hat enterprise linux for power, little endian
- version/red hat enterprise linux for power, little endian/7.0
- version/red hat enterprise linux for power, little endian/8.0
- canonical/red hat enterprise linux for power, little endian - extended update support
- version/red hat enterprise linux for power, little endian - extended update support/8.2
- version/red hat enterprise linux for power, little endian - extended update support/8.4
- canonical/red hat enterprise linux for scientific computing
- version/red hat enterprise linux for scientific computing/7.0
- canonical/red hat enterprise linux resilient storage
- version/red hat enterprise linux resilient storage/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/8.2
- version/red hat enterprise linux server/8.4
- canonical/red hat enterprise linux server update services for sap solutions
- version/red hat enterprise linux server update services for sap solutions/8.2
- version/red hat enterprise linux server update services for sap solutions/8.4
- version/red hat enterprise linux/8.2
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/7.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/18.04
- version/ubuntu/20.04
- version/ubuntu/21.04
- version/ubuntu/21.10