Improper authentication in samba (Alpine package)



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2016-2125
CWE-ID CWE-287
Exploitation vector Local network
Public exploit N/A
Vulnerable software
 samba (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper authentication

EUVDB-ID: #VU6628

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-2125

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker on the local network to bypass Kerberos authentication.

The vulnerability exists due to design error when implementing Kerberos authentication. An attacker with access to local network can place a fake Samba server, intercept a valid general purpose Kerberos "Ticket Granting Ticket" (TGT) and fully impersonate the authenticated user or service.

Successful exploitation of the vulnerability may allow an attacker to bypass authentication process and gain access to otherwise restricted resources and services.

Mitigation

Install update from vendor's website.

Vulnerable software versions

samba (Alpine package): 3.4.8-r0 - 4.2.14-r0

CPE2.3 External links

https://git.alpinelinux.org/aports/commit/?id=70271759e87dbeef4f90e6dcae9183d5ea5e3048
https://git.alpinelinux.org/aports/commit/?id=3dfb07619755d258fed8bfd510b53e3d8a692361
https://git.alpinelinux.org/aports/commit/?id=80cc0ea448006f152c00467301743534bcd0ee65


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###