CVE-2016-2118 PoC — Samba MS-SAMR和MS-LSAD协议安全漏洞

Source

https://github.com/nickanderson/cfengine-CVE-2016-2118

Associated Vulnerability

Title:Samba MS-SAMR和MS-LSAD协议安全漏洞 (CVE-2016-2118)
Description:Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。 Samba的MS-SAMR和MS-LSAD协议实现过程中存在安全漏洞，该漏洞源于程序没有正确处理DCERPC连接。攻击者可通过修改client-server数据流利用该漏洞实施中间人攻击和protocol-downgrade攻击，冒充用户。以下版本受到影响：Samba 3.x版本，4.2.11之前4.x版本，4.3.8之前4.3.

Description

An example detection and remediation policy.

File Snapshot


 [4.0K]  /data/pocs/4afdeff1c92e7d934dd1393bc71c6afeac96045a
├── [4.0K]  data
│   ├── [ 654]  centos_5.json
│   └── [ 861]  centos_6.json
├── [4.0K]  docs
│   ├── [8.0K]  blog.org
│   ├── [9.0K]  blog.tex
│   └── [4.7K]  implementation_tutorial.org
├── [4.0K]  extras
│   └── [2.2K]  demo_badlock.cf
├── [1.1K]  LICENSE
├── [7.4K]  main.cf
├── [ 358]  Makefile
├── [4.0K]  media
│   ├── [ 57K]  after_samba_update.png
│   ├── [ 90K]  alert_status_vulnerable_hosts.png
│   ├── [ 14K]  badlock.png
│   ├── [127K]  define_alert.png
│   ├── [ 87K]  inventory_report_vulnerable_cves_chart.png
│   ├── [ 85K]  inventory_report_vulnerable_cves.png
│   └── [ 90K]  vulnerable_cves_inventory_attribute.png
└── [4.2K]  README.org

4 directories, 17 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!