Samba 3.x and 4.x prior to 4.1.22, 4.2.x prior to 4.2.7, and 4.3.x prior to 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle malicious users to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
samba samba |
||
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
canonical ubuntu linux 15.10 |
||
canonical ubuntu linux 15.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 12.04 |