FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- client side SMB2/3 required signing can be downgraded

Affected packages
4.0.0 <= samba4 <= 4.0.26
4.1.0 <= samba41 <= 4.1.23
4.2.0 <= samba42 < 4.2.14
4.3.0 <= samba43 < 4.3.11
4.4.0 <= samba44 < 4.4.5

Details

VuXML ID: 4729c849-4897-11e6-b704-000c292e4fd8
Discovery: 2016-07-07
Entry: 2016-07-13

Samba team reports:

A man in the middle attack can disable client signing over SMB2/3, even if enforced by configuration parameters.

References

CVE Name: CVE-2016-2119
URL: https://www.samba.org/samba/security/CVE-2016-2119.html