High severity7.5NVD Advisory· Published Jul 7, 2016· Updated Jun 17, 2026
CVE-2016-2119
CVE-2016-2119
Description
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*range: >=4.0.0,<4.2.14
- (no CPE)range: <4.2.14 (4.x), <4.3.11 (4.3.x), <4.4.5 (4.4.x)
- osv-coords7 versionspkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweedpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP1pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
< 4.5.0-1.1+ 6 more
- (no CPE)range: < 4.5.0-1.1
- (no CPE)range: < 4.2.4-26.2
- (no CPE)range: < 4.2.4-26.2
- (no CPE)range: < 4.2.4-26.2
- (no CPE)range: < 4.2.4-18.27.9
- (no CPE)range: < 4.2.4-26.2
- (no CPE)range: < 4.2.4-26.2
Patches
Vulnerability mechanics
References
9- lists.opensuse.org/opensuse-updates/2016-07/msg00060.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-1486.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-1487.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-1494.htmlnvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/91700nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1036244nvdThird Party AdvisoryVDB Entry
- security.gentoo.org/glsa/201805-07nvdThird Party Advisory
- www.samba.org/samba/security/CVE-2016-2119.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.