High severity7.5NVD Advisory· Published Apr 12, 2016· Updated May 6, 2026
CVE-2016-2118
CVE-2016-2118
Description
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
Affected products
9cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*+ 5 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
45- badlock.orgnvdTechnical DescriptionThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.htmlnvdMailing ListThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.htmlnvdMailing ListThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0611.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0612.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0613.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0614.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0618.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0619.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0620.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0621.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0623.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0624.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0625.htmlnvdThird Party Advisory
- www.debian.org/security/2016/dsa-3548nvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/86002nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1035533nvdThird Party AdvisoryVDB Entry
- www.slackware.com/security/viewer.phpnvdMailing ListThird Party Advisory
- www.ubuntu.com/usn/USN-2950-1nvdThird Party Advisory
- www.ubuntu.com/usn/USN-2950-2nvdThird Party Advisory
- www.ubuntu.com/usn/USN-2950-3nvdThird Party Advisory
- www.ubuntu.com/usn/USN-2950-4nvdThird Party Advisory
- www.ubuntu.com/usn/USN-2950-5nvdThird Party Advisory
- access.redhat.com/security/vulnerabilities/badlocknvdThird Party Advisory
- bto.bluecoat.com/security-advisory/sa122nvdThird Party Advisory
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
- help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+FixesnvdThird Party Advisory
- kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-productsnvdThird Party Advisory
- kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40196nvdThird Party Advisory
- security.gentoo.org/glsa/201612-47nvdThird Party Advisory
- www.kb.cert.org/vuls/id/813296nvdThird Party AdvisoryUS Government Resource
- www.samba.org/samba/history/samba-4.2.10.htmlnvdThird Party Advisory
- www.samba.org/samba/latest_news.htmlnvdVendor Advisory
- www.samba.org/samba/security/CVE-2016-2118.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.