CVE-2015-5296

CVSS V2 Medium 4.3 CVSS V3 Medium 5.4
Description
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
Overview
  • CVE ID
  • CVE-2015-5296
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2015-12-29T22:59:02
  • Last Modified Date
  • 2022-08-29T20:06:57
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* 1 OR 3.2.0 4.1.22
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* 1 OR 4.2.0 4.2.7
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* 1 OR 4.3.0 4.3.3
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • HIGH
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • CHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 5.4
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.2
  • Impact Score
  • 2.7
References
Reference URL Reference Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1290292
https://git.samba.org/?p=samba.git;a=commit;h=d724f835acb9f4886c0001af32cd325dbbf1f895
https://git.samba.org/?p=samba.git;a=commit;h=1ba49b8f389eda3414b14410c7fbcb4041ca06b1
https://www.samba.org/samba/security/CVE-2015-5296.html Vendor Advisory
https://git.samba.org/?p=samba.git;a=commit;h=a819d2b440aafa3138d95ff6e8b824da885a70e9
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.securityfocus.com/bid/79732
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://www.ubuntu.com/usn/USN-2855-2
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
http://www.ubuntu.com/usn/USN-2855-1
http://www.securitytracker.com/id/1034493
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
http://www.debian.org/security/2016/dsa-3433
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
https://security.gentoo.org/glsa/201612-47
History
Created Old Value New Value Data Type Notes
2022-05-10 18:00:22 Added to TrackCVE
2022-12-02 07:41:59 2015-12-29T22:59Z 2015-12-29T22:59:02 CVE Published Date updated
2022-12-02 07:41:59 2022-08-29T20:06:57 CVE Modified Date updated
2022-12-02 07:41:59 Analyzed Vulnerability Status updated