Andrew Bartlett abartlet at
Sun Jun 26 01:50:13 UTC 2016

On Sat, 2016-06-25 at 17:51 +0000, vishal wrote:
> == CVE ID#:     CVE-2016-2110
> ==
> == Versions:    Samba 3.0.0 to 4.4.0
> ==
> == Summary:     The feature negotiation of NTLMSSP is not
> ==              downgrade protected. A man in the middle is
> ==              able to clear even required flags, especially
> ==              Which has implications on encrypted LDAP traffic.
> Hi,
> Can you confirm if this vulnerability is for cifs client to samba
> server or samba to Active Directory as this talks about LDAP traffic?
> Thanks, Vishal

LDAP.  SMB doesn't use the flags negotiated here, but its own
negotiation (happily in this case, but sadly in general as every
special hack ends up coming back to bite us...).

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list
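
Added example, not part of the original message and not Samba's code: the quoted advisory summary describes required NTLMSSP flags being cleared during negotiation, so a client that needs signing or sealing (as on LDAP) can refuse to continue when the server's CHALLENGE_MESSAGE lacks a flag it requires. The function names are hypothetical; the flag values and the message layout (NegotiateFlags at offset 20) are taken from MS-NLMP, and the sample message is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flag values from MS-NLMP (the names do not appear on the original page). */
#define NTLMSSP_NEGOTIATE_SIGN 0x00000010u
#define NTLMSSP_NEGOTIATE_SEAL 0x00000020u

enum flag_check { FLAGS_OK = 0, FLAGS_MALFORMED = -1, FLAGS_DOWNGRADED = -2 };

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: verify that every flag the caller requires is still
 * set in a CHALLENGE_MESSAGE (type 2). The fixed header through
 * ServerChallenge is 32 bytes; *missing receives the cleared flags. */
enum flag_check check_challenge_flags(const uint8_t *msg, size_t len,
                                      uint32_t required, uint32_t *missing)
{
    *missing = 0;
    if (len < 32 || memcmp(msg, "NTLMSSP\0", 8) != 0 || le32(msg + 8) != 2)
        return FLAGS_MALFORMED;
    *missing = required & ~le32(msg + 20);
    return *missing ? FLAGS_DOWNGRADED : FLAGS_OK;
}

/* Constructed sample input: a 32-byte challenge header with given flags. */
void build_sample_challenge(uint8_t out[32], uint32_t flags)
{
    memset(out, 0, 32);
    memcpy(out, "NTLMSSP\0", 8);
    out[8] = 2;                                /* MessageType = CHALLENGE */
    for (int i = 0; i < 4; i++)                /* NegotiateFlags, little-endian */
        out[20 + i] = (uint8_t)(flags >> (8 * i));
}

int main(void)
{
    uint8_t m[32];
    uint32_t missing;
    build_sample_challenge(m, 0xE2088205u);    /* constructed: SIGN and SEAL cleared */
    int rc = check_challenge_flags(m, sizeof m,
        NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL, &missing);
    printf("rc=%d missing=0x%08x\n", rc, (unsigned)missing);
    return 0;
}
```

A local check like this only makes the client fail closed; it does not by itself authenticate the flags the two ends exchanged.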