Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 02:26
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2015-12-29 22:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-5296
Mitre link : CVE-2015-5296
CVE.ORG link : CVE-2015-5296
JSON object : View
Products Affected
canonical
- ubuntu_linux
debian
- debian_linux
samba
- samba
CWE
CWE-20
Improper Input Validation