CVE-2016-2112
Score: 5.9 MEDIUM (CVSS 3.1), EPSS 16.6%
Description
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
How to fix CVE-2016-2112
To remediate CVE-2016-2112, upgrade the affected package to one of the fixed versions listed below.
- Debian/samba: upgrade to 2:4.3.7+dfsg-1 or later
Is CVE-2016-2112 being exploited?
Moderate: the EPSS score is 16.6%, an estimate of exploitation probability rather than confirmed in-the-wild exploitation. Track this CVE, but it does not belong at the top of the prioritisation list.
Affected packages (1)
- Debian/samba: all versions from 0 up to (but not including) 2:4.3.7+dfsg-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (5.9) | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |