[SCM] Samba Website Repository - branch master updated

Stefan Metzmacher metze at samba.org
Tue Nov 9 18:17:10 UTC 2021


The branch, master has been updated
       via  8f637db NEWS[4.15.2]: Samba 4.15.2, 4.14.10 and 4.13.14 Security Releases Available for Download
      from  96771b0 Add Samba 4.13.13

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8f637db9c22c4d37dc60b20731ec0de5f437df26
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Nov 9 18:59:24 2021 +0100

    NEWS[4.15.2]: Samba 4.15.2, 4.14.10 and 4.13.14 Security Releases Available for Download
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                      |   3 +
 history/samba-4.13.14.html                       | 106 ++++++++++++
 history/samba-4.14.10.html                       | 106 ++++++++++++
 history/samba-4.15.2.html                        | 105 ++++++++++++
 history/security.html                            |  34 ++++
 posted_news/20211108-113640.4.15.2.body.html     |  49 ++++++
 posted_news/20211108-113640.4.15.2.headline.html |   4 +
 security/CVE-2016-2124.html                      | 114 +++++++++++++
 security/CVE-2020-25717.html                     | 197 +++++++++++++++++++++++
 security/CVE-2020-25718.html                     |  89 ++++++++++
 security/CVE-2020-25719.html                     | 130 +++++++++++++++
 security/CVE-2020-25721.html                     | 131 +++++++++++++++
 security/CVE-2020-25722.html                     | 155 ++++++++++++++++++
 security/CVE-2021-23192.html                     | 107 ++++++++++++
 security/CVE-2021-3738.html                      |  83 ++++++++++
 15 files changed, 1413 insertions(+)
 create mode 100644 history/samba-4.13.14.html
 create mode 100644 history/samba-4.14.10.html
 create mode 100644 history/samba-4.15.2.html
 create mode 100644 posted_news/20211108-113640.4.15.2.body.html
 create mode 100644 posted_news/20211108-113640.4.15.2.headline.html
 create mode 100644 security/CVE-2016-2124.html
 create mode 100644 security/CVE-2020-25717.html
 create mode 100644 security/CVE-2020-25718.html
 create mode 100644 security/CVE-2020-25719.html
 create mode 100644 security/CVE-2020-25721.html
 create mode 100644 security/CVE-2020-25722.html
 create mode 100644 security/CVE-2021-23192.html
 create mode 100644 security/CVE-2021-3738.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index 5d40704..7dbe7f8 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,8 +9,10 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.15.2.html">samba-4.15.2</a></li>
 			<li><a href="samba-4.15.1.html">samba-4.15.1</a></li>
 			<li><a href="samba-4.15.0.html">samba-4.15.0</a></li>
+			<li><a href="samba-4.14.10.html">samba-4.14.10</a></li>
 			<li><a href="samba-4.14.9.html">samba-4.14.9</a></li>
 			<li><a href="samba-4.14.8.html">samba-4.14.8</a></li>
 			<li><a href="samba-4.14.7.html">samba-4.14.7</a></li>
@@ -21,6 +23,7 @@
 			<li><a href="samba-4.14.2.html">samba-4.14.2</a></li>
 			<li><a href="samba-4.14.1.html">samba-4.14.1</a></li>
 			<li><a href="samba-4.14.0.html">samba-4.14.0</a></li>
+			<li><a href="samba-4.13.14.html">samba-4.13.14</a></li>
 			<li><a href="samba-4.13.13.html">samba-4.13.13</a></li>
 			<li><a href="samba-4.13.12.html">samba-4.13.12</a></li>
 			<li><a href="samba-4.13.11.html">samba-4.13.11</a></li>
diff --git a/history/samba-4.13.14.html b/history/samba-4.13.14.html
new file mode 100644
index 0000000..6bf24a6
--- /dev/null
+++ b/history/samba-4.13.14.html
@@ -0,0 +1,106 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.13.14 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.13.14 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.14.tar.gz">Samba 4.13.14 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.14.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.13.13-4.13.14.diffs.gz">Patch (gzipped) against Samba 4.13.13</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.13.13-4.13.14.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.13.14
+                           November 9, 2021
+                   ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2016-2124:  SMB1 client connections can be downgraded to plaintext
+                  authentication.
+                  https://www.samba.org/samba/security/CVE-2016-2124.html
+
+o CVE-2020-25717: A user on the domain can become root on domain members.
+                  https://www.samba.org/samba/security/CVE-2020-25717.html
+                  (PLEASE READ! There are important behaviour changes described)
+
+o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
+                  by an RODC.
+                  https://www.samba.org/samba/security/CVE-2020-25718.html
+
+o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
+                  tickets.
+                  https://www.samba.org/samba/security/CVE-2020-25719.html
+
+o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
+                  (eg objectSid).
+                  https://www.samba.org/samba/security/CVE-2020-25721.html
+
+o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
+                  checking of data stored.
+                  https://www.samba.org/samba/security/CVE-2020-25722.html
+
+o CVE-2021-3738:  Use after free in Samba AD DC RPC server.
+                  https://www.samba.org/samba/security/CVE-2021-3738.html
+
+o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
+                  https://www.samba.org/samba/security/CVE-2021-23192.html
+
+
+Changes since 4.13.13
+---------------------
+
+o  Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+   * CVE-2020-25722
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * CVE-2020-25718
+   * CVE-2020-25719
+   * CVE-2020-25721
+   * CVE-2020-25722
+
+o  Ralph Boehme <slow at samba.org>
+   * CVE-2020-25717
+
+o  Alexander Bokovoy <ab at samba.org>
+   * CVE-2020-25717
+
+o  Samuel Cabrero <scabrero at samba.org>
+   * CVE-2020-25717
+
+o  Nadezhda Ivanova <nivanova at symas.com>
+   * CVE-2020-25722
+
+o  Stefan Metzmacher <metze at samba.org>
+   * CVE-2016-2124
+   * CVE-2020-25717
+   * CVE-2020-25719
+   * CVE-2020-25722
+   * CVE-2021-23192
+   * CVE-2021-3738
+   * ldb: version 2.2.3
+
+o  Andreas Schneider <asn at samba.org>
+   * CVE-2020-25719
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * CVE-2020-17049
+   * CVE-2020-25718
+   * CVE-2020-25719
+   * CVE-2020-25721
+   * CVE-2020-25722
+   * MS CVE-2020-17049
+
+
+</pre>
+</p>
+</body>
+</html>
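
Review bot: In the Joseph Sutton entry at the end of the changes list, CVE-2020-17049 appears twice, once bare and once as "MS CVE-2020-17049", and it is not among the eight defects listed at the top of the notes. Keep a single entry and say how it relates to the listed CVEs, or add it to the summary. In the CVE-2020-25722 summary, "suffienct" should read "sufficient"; the same text recurs in history/samba-4.14.10.html and history/samba-4.15.2.html.
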
diff --git a/history/samba-4.14.10.html b/history/samba-4.14.10.html
new file mode 100644
index 0000000..0bcb738
--- /dev/null
+++ b/history/samba-4.14.10.html
@@ -0,0 +1,106 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.14.10 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.14.10 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.10.tar.gz">Samba 4.14.10 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.10.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.14.9-4.14.10.diffs.gz">Patch (gzipped) against Samba 4.14.9</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.14.9-4.14.10.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.14.10
+                           November 9, 2021
+                   ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2016-2124:  SMB1 client connections can be downgraded to plaintext
+                  authentication.
+                  https://www.samba.org/samba/security/CVE-2016-2124.html
+
+o CVE-2020-25717: A user on the domain can become root on domain members.
+                  https://www.samba.org/samba/security/CVE-2020-25717.html
+                  (PLEASE READ! There are important behaviour changes described)
+
+o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
+                  by an RODC.
+                  https://www.samba.org/samba/security/CVE-2020-25718.html
+
+o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
+                  tickets.
+                  https://www.samba.org/samba/security/CVE-2020-25719.html
+
+o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
+                  (eg objectSid).
+                  https://www.samba.org/samba/security/CVE-2020-25721.html
+
+o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
+                  checking of data stored.
+                  https://www.samba.org/samba/security/CVE-2020-25722.html
+
+o CVE-2021-3738:  Use after free in Samba AD DC RPC server.
+                  https://www.samba.org/samba/security/CVE-2021-3738.html
+
+o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
+                  https://www.samba.org/samba/security/CVE-2021-23192.html
+
+
+Changes since 4.14.9
+--------------------
+
+o  Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+   * CVE-2020-25722
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * CVE-2020-25718
+   * CVE-2020-25719
+   * CVE-2020-25721
+   * CVE-2020-25722
+
+o  Ralph Boehme <slow at samba.org>
+   * CVE-2020-25717
+
+o  Alexander Bokovoy <ab at samba.org>
+   * CVE-2020-25717
+
+o  Samuel Cabrero <scabrero at samba.org>
+   * CVE-2020-25717
+
+o  Nadezhda Ivanova <nivanova at symas.com>
+   * CVE-2020-25722
+
+o  Stefan Metzmacher <metze at samba.org>
+   * CVE-2016-2124
+   * CVE-2020-25717
+   * CVE-2020-25719
+   * CVE-2020-25722
+   * CVE-2021-23192
+   * CVE-2021-3738
+   * ldb: version 2.3.2
+
+o  Andreas Schneider <asn at samba.org>
+   * CVE-2020-25719
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * CVE-2020-17049
+   * CVE-2020-25718
+   * CVE-2020-25719
+   * CVE-2020-25721
+   * CVE-2020-25722
+   * MS CVE-2020-17049
+
+
+</pre>
+</p>
+</body>
+</html>
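
Review bot: The markup does not match the XHTML 1.0 Transitional doctype this file declares: the "<pre>" block is opened inside "<p>", which cannot contain block-level elements, and the two "<br>" tags after the download links are not self-closed. Drop the "<p>" wrapper around "<pre>" and write "<br />", as history/security.html does in this same commit. The other two release-notes files use the same template and need the same change.
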
diff --git a/history/samba-4.15.2.html b/history/samba-4.15.2.html
new file mode 100644
index 0000000..04bcc55
--- /dev/null
+++ b/history/samba-4.15.2.html
@@ -0,0 +1,105 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.15.2 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.15.2 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.2.tar.gz">Samba 4.15.2 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.2.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.15.1-4.15.2.diffs.gz">Patch (gzipped) against Samba 4.15.1</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.15.1-4.15.2.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.15.2
+                           November 9, 2021
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2016-2124:  SMB1 client connections can be downgraded to plaintext
+                  authentication.
+                  https://www.samba.org/samba/security/CVE-2016-2124.html
+
+o CVE-2020-25717: A user on the domain can become root on domain members.
+                  https://www.samba.org/samba/security/CVE-2020-25717.html
+                  (PLEASE READ! There are important behaviour changes described)
+
+o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
+                  by an RODC.
+                  https://www.samba.org/samba/security/CVE-2020-25718.html
+
+o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
+                  tickets.
+                  https://www.samba.org/samba/security/CVE-2020-25719.html
+
+o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
+                  (eg objectSid).
+                  https://www.samba.org/samba/security/CVE-2020-25721.html
+
+o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
+                  checking of data stored.
+                  https://www.samba.org/samba/security/CVE-2020-25722.html
+
+o CVE-2021-3738:  Use after free in Samba AD DC RPC server.
+                  https://www.samba.org/samba/security/CVE-2021-3738.html
+
+o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
+                  https://www.samba.org/samba/security/CVE-2021-23192.html
+
+
+Changes since 4.15.1
+--------------------
+
+o  Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+   * CVE-2020-25722
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * CVE-2020-25718
+   * CVE-2020-25719
+   * CVE-2020-25721
+   * CVE-2020-25722
+
+o  Ralph Boehme <slow at samba.org>
+   * CVE-2020-25717
+
+o  Alexander Bokovoy <ab at samba.org>
+   * CVE-2020-25717
+
+o  Samuel Cabrero <scabrero at samba.org>
+   * CVE-2020-25717
+
+o  Nadezhda Ivanova <nivanova at symas.com>
+   * CVE-2020-25722
+
+o  Stefan Metzmacher <metze at samba.org>
+   * CVE-2016-2124
+   * CVE-2020-25717
+   * CVE-2020-25719
+   * CVE-2020-25722
+   * CVE-2021-23192
+   * CVE-2021-3738
+
+o  Andreas Schneider <asn at samba.org>
+   * CVE-2020-25719
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * CVE-2020-17049
+   * CVE-2020-25718
+   * CVE-2020-25719
+   * CVE-2020-25721
+   * CVE-2020-25722
+   * MS CVE-2020-17049
+
+
+</pre>
+</p>
+</body>
+</html>
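
Review bot: Under Stefan Metzmacher the list ends at CVE-2021-3738 with no "ldb: version" line, whereas the 4.13.14 notes carry "ldb: version 2.2.3" and the 4.14.10 notes "ldb: version 2.3.2". If 4.15.2 also depends on a new ldb release, the line is missing here; if it does not, a short remark in the commit message would save the reader the comparison.
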
diff --git a/history/security.html b/history/security.html
index 236f922..ecc3213 100755
--- a/history/security.html
+++ b/history/security.html
@@ -26,6 +26,40 @@ link to full release notes for each release.</p>
 	<td><em>Details</em></td>
       </tr>
 
+    <tr>
+	<td>9 November 2021</td>
+	<td><a href="/samba/ftp/patches/security/samba-4.15.1-security-2021-11-09.patch">
+	patch for Samba 4.15.1</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.14.9-security-2021-11-09.patch">
+	patch for Samba 4.14.9</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.13.13-security-2021-11-09.patch">
+	patch for Samba 4.13.13</a><br />
+	</td>
+	<td>CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719,
+CVE-2020-25721, CVE-2020-25722, CVE-2021-3738 and CVE-2021-23192. Please see announcements for details.
+	</td>
+	<td>Please refer to the advisories.</td>
+	<td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2124">CVE-2016-2124</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25717">CVE-2020-25717</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25718">CVE-2020-25718</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25719">CVE-2020-25719</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25721">CVE-2020-25721</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25722">CVE-2020-25722</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3738">CVE-2021-3738</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23192">CVE-2021-23192</a>.
+	</td>
+	<td>
+<a href="/samba/security/CVE-2016-2124.html">Announcement</a>, 
+<a href="/samba/security/CVE-2020-25717.html">Announcement</a>, 
+<a href="/samba/security/CVE-2020-25718.html">Announcement</a>, 
+<a href="/samba/security/CVE-2020-25719.html">Announcement</a>, 
+<a href="/samba/security/CVE-2020-25721.html">Announcement</a>, 
+<a href="/samba/security/CVE-2020-25722.html">Announcement</a>, 
+<a href="/samba/security/CVE-2021-3738.html">Announcement</a>, 
+<a href="/samba/security/CVE-2021-23192.html">Announcement</a>.
+	</td>
+    </tr>
     <tr>
 	<td>29 Apr 2021</td>
 	<td><a href="/samba/ftp/patches/security/samba-4.12.14-security-2021-04-29.patch">
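
Review bot: The last cell of the new row holds eight links that all read "Announcement", so a reader cannot tell which advisory each one opens; use the CVE ID as the link text, or fold these links into the preceding cell, which already lists the IDs. The date is written "9 November 2021" while the row below uses "29 Apr 2021", and the patch cell ends with a "<br />" directly before "</td>" that serves no purpose.
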
diff --git a/posted_news/20211108-113640.4.15.2.body.html b/posted_news/20211108-113640.4.15.2.body.html
new file mode 100644
index 0000000..00fc078
--- /dev/null
+++ b/posted_news/20211108-113640.4.15.2.body.html
@@ -0,0 +1,49 @@
+<!-- BEGIN: posted_news/20211108-113640.4.15.2.body.html -->
+<h5><a name="4.15.2">09 November 2021</a></h5>
+<p class=headline>Samba 4.15.2, 4.14.10 and 4.13.14 Security Releases are available for Download</p>
+<p>
+These are Security Releases in order to address 
+<a href="/samba/security/CVE-2016-2124.html">CVE-2016-2124</a>, 
+<a href="/samba/security/CVE-2020-25717.html">CVE-2020-25717</a>, 
+<a href="/samba/security/CVE-2020-25718.html">CVE-2020-25718</a>, 
+<a href="/samba/security/CVE-2020-25719.html">CVE-2020-25719</a>, 
+<a href="/samba/security/CVE-2020-25721.html">CVE-2020-25721</a>, 
+<a href="/samba/security/CVE-2020-25722.html">CVE-2020-25722</a>, 
+<a href="/samba/security/CVE-2021-3738.html">CVE-2021-3738</a> and 
+<a href="/samba/security/CVE-2021-23192.html">CVE-2021-23192</a>.
+</p>
+
+
+<p>Please read the individual advisories,
+as there are important behaviour changes for
+<a href="/samba/security/CVE-2020-25717.html">CVE-2020-25717</a>.
+</p><p>
+There's sadly a regression that "allow trusted domains = no"
+prevents winbindd from starting, we'll try to provide a follow up fix as soon as
+possible.
+</p>
+
+<p>
+The uncompressed Samba tarballs have been signed using GnuPG (ID AA99442FB680B620).
+</p>
+
+<p>
+The Samba 4.15.2 source code can be
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.2.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.15.1-4.15.2.diffs.gz">patch against Samba 4.15.1</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.15.2.html">the 4.15.2 release notes for more info</a>.
+</p>
+<p>
+The Samba 4.14.10 source code can be
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.10.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.14.9-4.14.10.diffs.gz">patch against Samba 4.14.9</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.14.10.html">the 4.14.10 release notes for more info</a>.
+</p>
+<p>
+The Samba 4.13.14 source code can be
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.14.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.13.13-4.13.14.diffs.gz">patch against Samba 4.13.13</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.13.14.html">the 4.13.14 release notes for more info</a>.
+</p>
+
+<!-- END: posted_news/20211108-113640.4.15.2.body.html -->
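
Review bot: The regression notice ("allow trusted domains = no" prevents winbindd from starting) appears only in this news item and not in the three release-notes files added by this commit, so an administrator who upgrades from the release notes alone will miss it; repeat it there and say which of the three releases are affected. The signing key is given as a 64-bit key ID (AA99442FB680B620); the full fingerprint would give downloaders something stronger to compare against. Minor: the attribute in "<p class=headline>" is unquoted.
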
diff --git a/posted_news/20211108-113640.4.15.2.headline.html b/posted_news/20211108-113640.4.15.2.headline.html
new file mode 100644
index 0000000..1ae9538
--- /dev/null
+++ b/posted_news/20211108-113640.4.15.2.headline.html
@@ -0,0 +1,4 @@
+<!-- BEGIN: posted_news/20211108-113640.4.15.2.headline.html -->
+<li> 09 November 2021 <a href="#4.15.2">Samba 4.15.2, 4.14.10 and
+4.13.14 Security Releases are available for Download</a></li>
+<!-- END: posted_news/20211108-113640.4.15.2.headline.html -->
diff --git a/security/CVE-2016-2124.html b/security/CVE-2016-2124.html
new file mode 100644
index 0000000..f5e9922
--- /dev/null
+++ b/security/CVE-2016-2124.html
@@ -0,0 +1,114 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2016-2124.html:</H2>
+
+<p>
+<pre>
+=====================================================================================
+== Subject:     SMB1 client connections can be downgraded to plaintext authentication
+==
+== CVE ID#:     CVE-2016-2124
+==
+== Versions:    Samba 3.0.0 to 4.15.1
+==
+== Summary:     A man in the middle attack can force the client side SMB1 code
+==              to fall-back to plaintext or NTLM based authentication even if
+==              Kerberos authentication was requested by the user or application.
+==
+=====================================================================================
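
Review bot: The "<title>" is the generic "Samba - Security Announcement Archive" and the heading is the file name, "CVE-2016-2124.html:", so neither the browser tab nor a search result says what the advisory covers; put the CVE ID and the subject line in both. The remainder of this file, and the other seven advisories, fall past the 500-line truncation and cannot be reviewed from this mail.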


-- 
Samba Website Repository


