CVE-2016-2125: Input Validation
First published: Fri Dec 09 2016(Updated: )
As per upstream: Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" (TGT), which can be used to fully impersonate the authenticated user or service. The risks of impersonation of the client are similar to the well known risks from forwarding of NTLM credentials, with two important differences: - NTLM forwarding can and should be mitigated with packet signing - Kerberos forwarding can only be attempted after the trusted destination server decrypts the ticket. Finally, it should be noted that typically the connections involved are either explicitly requested, or are between or to Domain Controllers already of ultimate privilege.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/samba | <4.5.3 | 4.5.3 |
| redhat/samba | <4.4.8 | 4.4.8 |
| redhat/samba | <4.3.13 | 4.3.13 |
| Samba Samba | >=3.0.25<4.3.13 | |
| Samba Samba | >=4.4.0<4.4.8 | |
| Samba Samba | >=4.5.0<4.5.3 | |
| Redhat Gluster Storage | =3.0 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server Aus | =7.4 | |
| Redhat Enterprise Linux Server Aus | =7.6 | |
| Redhat Enterprise Linux Server Eus | =7.3 | |
| Redhat Enterprise Linux Server Eus | =7.4 | |
| Redhat Enterprise Linux Server Eus | =7.5 | |
| Redhat Enterprise Linux Server Eus | =7.6 | |
| Redhat Enterprise Linux Server Tus | =7.3 | |
| Redhat Enterprise Linux Server Tus | =7.6 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Redhat Enterprise Linux Workstation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2017-0494.html
- http://rhn.redhat.com/errata/RHSA-2017-0495.html
- http://rhn.redhat.com/errata/RHSA-2017-0662.html
- http://rhn.redhat.com/errata/RHSA-2017-0744.html
- http://www.securityfocus.com/bid/94988
- http://www.securitytracker.com/id/1037494
- https://access.redhat.com/errata/RHSA-2017:1265
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125
- https://www.samba.org/samba/security/CVE-2016-2125.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1405984
- https://rhn.redhat.com/errata/RHSA-2017-0662.html
- https://rhn.redhat.com/errata/RHSA-2017-0744.html
- https://rhn.redhat.com/errata/RHSA-2017-0494.html
- https://rhn.redhat.com/errata/RHSA-2017-0495.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1403114
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-2125
- agent/software-canonical-lookup
- agent/remedy
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/samba
- canonical/samba samba
- version/samba samba/3.0.25
- version/samba samba/4.4.0
- version/samba samba/4.5.0
- vendor/redhat
- canonical/redhat gluster storage
- version/redhat gluster storage/3.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.4
- version/redhat enterprise linux server aus/7.6
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.3
- version/redhat enterprise linux server eus/7.4
- version/redhat enterprise linux server eus/7.5
- version/redhat enterprise linux server eus/7.6
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.3
- version/redhat enterprise linux server tus/7.6
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/redhat enterprise linux workstation/7.0
- package-manager/redhat