CVE-2016-2119

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-2119
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2119.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-2119
Downstream
Related
Published
2016-07-07T15:59:00.133Z
Modified
2026-03-20T11:05:39.685871Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

libcli/smb/smbXclibase.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2SESSIONFLAGISGUEST or (2) SMB2SESSIONFLAGIS_NULL flag.

References

Affected packages

Git / github.com/samba-team/samba

Affected ranges

Type
GIT
Repo
https://github.com/samba-team/samba
Events
Introduced
df33344d8eb40221d60c99931690703a11d91bc2
Fixed
c7c5fe127366aa8edb69247f80a4e015969cf1b3
Introduced
b85f6018c803fb9aad82820d4b5505179ec5bac3
Fixed
c7bc0175839f5090a51acb34b1c0f8331b95ffe5
Introduced
30812c414bb0ceb95abae08c35b94b2f97be4c5c
Fixed
fb3e6296bb09534f882ea35e7f7ca4e5871d3222
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.2.14"
        },
        {
            "introduced": "4.3.0"
        },
        {
            "fixed": "4.3.11"
        },
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.5"
        }
    ]
}

Affected versions

samba-4.*
samba-4.3.0
samba-4.3.1
samba-4.3.10
samba-4.3.2
samba-4.3.3
samba-4.3.4
samba-4.3.5
samba-4.3.6
samba-4.3.7
samba-4.3.8
samba-4.3.9
samba-4.4.0
samba-4.4.1
samba-4.4.2
samba-4.4.3
samba-4.4.4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2119.json"