Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Samba 安全漏洞
Vulnerability Description
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。 Samba中的libcli/smb/smbXcli_base.c文件中存在安全漏洞。攻击者可借助SMB2_SESSION_FLAG_IS_GUEST或SMB2_SESSION_FLAG_IS_NULL标识利用该漏洞实施中间人攻击,绕过client-signing保护机制,欺骗SMB2和SMB3服务器。以下版本受到影响:Samba
CVSS Information
N/A
Vulnerability Type
N/A