CVE-2016-2110

vishal vicky_recw at yahoo.com
Sat Jun 25 17:51:26 UTC 2016


== CVE ID#:     CVE-2016-2110
==
== Versions:    Samba 3.0.0 to 4.4.0
==
== Summary:     The feature negotiation of NTLMSSP is not
==              downgrade protected. A man in the middle is
==              able to clear even required flags, especially
==              NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.
==              Which has implications on encrypted LDAP traffic.

Hi,
Can you confirm if this vulnerability is for CIFS client to Samba server or Samba to Active Directory, as this talks about LDAP traffic?
Thanks,
Vishal
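
An added example, not part of the original post and not Samba's code: a receiver-side check for the condition the quoted summary describes. It reads NegotiateFlags from an NTLMSSP message and reports locally required flags that are absent. Field offsets and flag values follow MS-NLMP; `missing_required`, `build_challenge` and the sample messages are constructed for illustration.

```python
import struct

# Flag values from the NTLMSSP specification (MS-NLMP).
NTLMSSP_NEGOTIATE_SIGN = 0x00000010
NTLMSSP_NEGOTIATE_SEAL = 0x00000020
FLAG_NAMES = {
    NTLMSSP_NEGOTIATE_SIGN: "NTLMSSP_NEGOTIATE_SIGN",
    NTLMSSP_NEGOTIATE_SEAL: "NTLMSSP_NEGOTIATE_SEAL",
}
# Byte offset of NegotiateFlags for message types
# 1 (NEGOTIATE), 2 (CHALLENGE) and 3 (AUTHENTICATE).
FLAGS_OFFSET = {1: 12, 2: 20, 3: 60}


def negotiate_flags(msg: bytes) -> int:
    """Return the NegotiateFlags field of an NTLMSSP message."""
    if len(msg) < 12 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type not in FLAGS_OFFSET:
        raise ValueError("unknown NTLMSSP message type %d" % msg_type)
    offset = FLAGS_OFFSET[msg_type]
    if len(msg) < offset + 4:
        raise ValueError("truncated NTLMSSP message")
    return struct.unpack_from("<I", msg, offset)[0]


def missing_required(challenge: bytes, required: int) -> list:
    """Names of locally required flags that the received message lacks."""
    missing = required & ~negotiate_flags(challenge)
    return [name for bit, name in FLAG_NAMES.items() if missing & bit]


def build_challenge(flags: int) -> bytes:
    """Constructed CHALLENGE_MESSAGE header: empty target name, zero challenge."""
    return (b"NTLMSSP\x00" + struct.pack("<I", 2)
            + struct.pack("<HHI", 0, 0, 32)   # TargetNameFields: len, maxlen, offset
            + struct.pack("<I", flags) + b"\x00" * 8)


# Constructed samples: UNICODE | NTLM (0x201), with and without SIGN/SEAL.
REQUIRED = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL
intact = build_challenge(0x00000201 | REQUIRED)
stripped = build_challenge(0x00000201)   # required flags no longer set on arrival

if __name__ == "__main__":
    print("intact  :", missing_required(intact, REQUIRED))
    print("stripped:", missing_required(stripped, REQUIRED))
```

A caller that requires signing or sealing would abort the authentication when `missing_required` returns a non-empty list instead of continuing with an unprotected session.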

