|Description||It was found that Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plaintext.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)|
Vulnerable and fixed packages
The table below lists information on source packages.
|Source Package||Release||Version||Status|
|samba (PTS)||buster, buster (security)||2:4.9.5+dfsg-5+deb10u3||fixed|
|samba (PTS)||bullseye (security), bullseye||2:4.13.13+dfsg-1~deb11u5||fixed|
The information below is based on the following data on fixed versions.