CVE-2016-2125 samba: Unconditional privilege delegation to Kerberos servers in trusted realms

CVE ID

CVE-2016-2125

DESCRIPTION

It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

RESOLUTION

  • CentOS6 Unitrends' appliances (physical and/or virtual), fixed in Unitrends software release-10.3.8-4.  Please update to latest version
  • CentOS7 Unitrends' appliances (physical and/or virtual) are not affected by this CVE.

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us