Updated: 2024-09-16 20:49:36.943895
Description:
A vulnerability was found in Samba's SMB2 packet signing mechanism. SMB2 packet signing is not enforced when an admin has configured "server signing = required", or for SMB2 connections to Domain Controllers, where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks such as a man-in-the-middle attack, intercepting the network traffic and modifying the SMB2 messages between client and server, which affects the integrity of the data.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 5.9 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 8.4 ELS | samba | 4.13.3-5 | 5.9 | MEDIUM | Not Vulnerable | | 2024-06-11 05:58:41 |
CentOS 8.5 ELS | samba | 4.14.5-7 | 5.9 | MEDIUM | Not Vulnerable | | 2024-06-11 05:58:41 |