Back to bug 1311903

Who When What Removed Added
Adam Mariš 2016-02-25 10:00:58 UTC CC security-response-team
Red Hat Bugzilla 2016-02-25 10:00:58 UTC Doc Type --- Bug Fix
Adam Mariš 2016-02-25 10:17:31 UTC Blocks 1311915
Huzaifa S. Sidhpurwala 2016-03-29 09:19:17 UTC Whiteboard impact=moderate,public=no,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=new,rhel-5/samba3x=new,rhel-6/samba4=new,rhel-6/samba=new,rhel-7/samba=new,rhes-3.1/samba=new,fedora-all/samba=affected impact=moderate,public=no,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=notaffected,rhel-5/samba3x=notaffected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected
Huzaifa S. Sidhpurwala 2016-03-29 09:20:16 UTC Whiteboard impact=moderate,public=no,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=notaffected,rhel-5/samba3x=notaffected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected impact=moderate,public=no,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=notaffected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected
Huzaifa S. Sidhpurwala 2016-03-31 06:26:17 UTC Whiteboard impact=moderate,public=no,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=notaffected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected impact=moderate,public=no,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=affected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected
Huzaifa S. Sidhpurwala 2016-03-31 06:29:06 UTC Depends On 1322684
Huzaifa S. Sidhpurwala 2016-03-31 06:29:16 UTC Depends On 1322685
Huzaifa S. Sidhpurwala 2016-03-31 06:29:23 UTC Depends On 1322686
Huzaifa S. Sidhpurwala 2016-03-31 06:29:33 UTC Depends On 1322687
Huzaifa S. Sidhpurwala 2016-03-31 06:29:41 UTC Depends On 1322688
Huzaifa S. Sidhpurwala 2016-03-31 06:29:51 UTC Depends On 1322689
Huzaifa S. Sidhpurwala 2016-03-31 06:29:59 UTC Depends On 1322690
Huzaifa S. Sidhpurwala 2016-03-31 06:30:09 UTC Depends On 1322691
Huzaifa S. Sidhpurwala 2016-03-31 06:30:17 UTC Depends On 1322692
Huzaifa S. Sidhpurwala 2016-03-31 08:23:07 UTC CC abokovoy, madam
Huzaifa S. Sidhpurwala 2016-03-31 08:32:51 UTC CC rhack
Huzaifa S. Sidhpurwala 2016-04-07 10:34:23 UTC Whiteboard impact=moderate,public=no,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=affected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected impact=moderate,public=no,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=affected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected,rhel-4/samba=affected,rhel-5.6.z/samba=affected,rhel-5.9.z/samba=affected,rhel-6.2.z/samba=affected,rhel-6.4.z/samba=affected,rhel-6.5.z/samba=affected,rhel-6.6.z/samba=affected,rhel-7.1.z/samba=affected
Huzaifa S. Sidhpurwala 2016-04-07 10:42:50 UTC Depends On 1324800
Huzaifa S. Sidhpurwala 2016-04-07 10:42:59 UTC Depends On 1324801
Huzaifa S. Sidhpurwala 2016-04-07 10:43:07 UTC Depends On 1324802
Huzaifa S. Sidhpurwala 2016-04-07 10:43:17 UTC Depends On 1324803
Huzaifa S. Sidhpurwala 2016-04-07 10:43:25 UTC Depends On 1324804
Huzaifa S. Sidhpurwala 2016-04-07 10:43:34 UTC Depends On 1324805
Huzaifa S. Sidhpurwala 2016-04-07 10:43:42 UTC Depends On 1324806
Huzaifa S. Sidhpurwala 2016-04-07 10:43:52 UTC Depends On 1324807
Huzaifa S. Sidhpurwala 2016-04-08 15:59:44 UTC Whiteboard impact=moderate,public=no,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=affected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected,rhel-4/samba=affected,rhel-5.6.z/samba=affected,rhel-5.9.z/samba=affected,rhel-6.2.z/samba=affected,rhel-6.4.z/samba=affected,rhel-6.5.z/samba=affected,rhel-6.6.z/samba=affected,rhel-7.1.z/samba=affected impact=moderate,public=no,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=affected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected,rhel-4/samba=affected,rhel-5.6.z/samba=affected,rhel-5.9.z/samba=affected,rhel-6.2.z/samba=affected,rhel-6.4.z/samba=affected,rhel-6.5.z/samba=affected,rhel-6.6.z/samba=affected,rhel-7.1.z/samba=affected,rhel-6.2.z/samba4=affected,rhel-6.4.z/samba4=affected,rhel-6.5.z/samba4=affected,rhel-6.6.z/samba4=affected
Huzaifa S. Sidhpurwala 2016-04-08 16:03:06 UTC Depends On 1325382
Huzaifa S. Sidhpurwala 2016-04-08 16:03:18 UTC Depends On 1325383
Huzaifa S. Sidhpurwala 2016-04-08 16:03:28 UTC Depends On 1325384
Huzaifa S. Sidhpurwala 2016-04-08 16:03:40 UTC Depends On 1325385
Huzaifa S. Sidhpurwala 2016-04-09 05:14:58 UTC Doc Text An authentication flaw was found in Samba. When Samba is configured to act as a Domain Controller, it allows remote attackers to spoof the end point of the secure communication channel. The attacker could exploit this flaw to obtain sensitive session information by running a crafted application and leveraging the ability to sniff network traffic.
Huzaifa S. Sidhpurwala 2016-04-09 08:44:21 UTC Doc Text An authentication flaw was found in Samba. When Samba is configured to act as a Domain Controller, it allows remote attackers to spoof the end point of the secure communication channel. The attacker could exploit this flaw to obtain sensitive session information by running a crafted application and leveraging the ability to sniff network traffic. It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them
to hijack such connections.
Huzaifa S. Sidhpurwala 2016-04-10 11:15:59 UTC Depends On 1325645
Huzaifa S. Sidhpurwala 2016-04-10 11:23:48 UTC Depends On 1325649
Huzaifa S. Sidhpurwala 2016-04-10 11:24:03 UTC Depends On 1325650
Huzaifa S. Sidhpurwala 2016-04-10 11:24:15 UTC Depends On 1325651
Huzaifa S. Sidhpurwala 2016-04-11 05:29:45 UTC Whiteboard impact=moderate,public=no,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=affected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected,rhel-4/samba=affected,rhel-5.6.z/samba=affected,rhel-5.9.z/samba=affected,rhel-6.2.z/samba=affected,rhel-6.4.z/samba=affected,rhel-6.5.z/samba=affected,rhel-6.6.z/samba=affected,rhel-7.1.z/samba=affected,rhel-6.2.z/samba4=affected,rhel-6.4.z/samba4=affected,rhel-6.5.z/samba4=affected,rhel-6.6.z/samba4=affected impact=moderate,public=20160412,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=affected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected,rhel-4/samba=affected,rhel-5.6.z/samba=affected,rhel-5.9.z/samba=affected,rhel-6.2.z/samba=affected,rhel-6.4.z/samba=affected,rhel-6.5.z/samba=affected,rhel-6.6.z/samba=affected,rhel-7.1.z/samba=affected,rhel-6.2.z/samba4=affected,rhel-6.4.z/samba4=affected,rhel-6.5.z/samba4=affected,rhel-6.6.z/samba4=affected
Martin Prpič 2016-04-11 07:12:12 UTC Doc Text It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them
to hijack such connections.
It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.
Huzaifa S. Sidhpurwala 2016-04-11 10:33:48 UTC Whiteboard impact=moderate,public=20160412,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=affected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected,rhel-4/samba=affected,rhel-5.6.z/samba=affected,rhel-5.9.z/samba=affected,rhel-6.2.z/samba=affected,rhel-6.4.z/samba=affected,rhel-6.5.z/samba=affected,rhel-6.6.z/samba=affected,rhel-7.1.z/samba=affected,rhel-6.2.z/samba4=affected,rhel-6.4.z/samba4=affected,rhel-6.5.z/samba4=affected,rhel-6.6.z/samba4=affected impact=moderate,public=20160412,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=affected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected,rhel-4/samba=affected,rhel-5.6.z/samba=affected,rhel-5.9.z/samba=affected,rhel-6.2.z/samba=affected,rhel-6.4.z/samba=affected,rhel-6.5.z/samba=affected,rhel-6.6.z/samba=affected,rhel-7.1.z/samba=affected,rhel-6.2.z/samba4=affected,rhel-6.4.z/samba4=affected,rhel-6.5.z/samba4=affected,rhel-6.6.z/samba4=affected,rhel-5.6.z/samba3x=affected,rhel-5.9.z/samba3x=affected
Huzaifa S. Sidhpurwala 2016-04-11 10:37:14 UTC Depends On 1325832
Huzaifa S. Sidhpurwala 2016-04-11 10:39:10 UTC Depends On 1325838
Jose A. Rivera 2016-04-12 12:29:03 UTC Status NEW ON_QA
Fixed In Version 4.2.11-1
Tomas Hoger 2016-04-12 12:38:25 UTC Status ON_QA NEW
Fixed In Version 4.2.11-1
Huzaifa S. Sidhpurwala 2016-04-12 14:20:59 UTC Depends On 1326361
Huzaifa S. Sidhpurwala 2016-04-12 14:21:27 UTC Depends On 1326362
Huzaifa S. Sidhpurwala 2016-04-12 14:22:06 UTC Depends On 1326364
Huzaifa S. Sidhpurwala 2016-04-12 14:22:14 UTC Depends On 1326365
Huzaifa S. Sidhpurwala 2016-04-12 14:26:29 UTC Depends On 1326368
Huzaifa S. Sidhpurwala 2016-04-12 14:26:48 UTC Depends On 1326369
Huzaifa S. Sidhpurwala 2016-04-12 14:29:52 UTC Depends On 1326370
Huzaifa S. Sidhpurwala 2016-04-12 17:10:59 UTC Group security, qe_staff
Summary EMBARGOED CVE-2016-2112 samba: Missing downgrade detection CVE-2016-2112 samba: Missing downgrade detection
Siddharth Sharma 2016-04-12 17:27:46 UTC Depends On 1326453
Tomas Hoger 2016-04-12 20:34:36 UTC Fixed In Version samba 4.4.2, samba 4.3.8, samba 4.2.11
Tomas Hoger 2016-04-13 11:56:19 UTC Depends On 1326369
Tomas Hoger 2016-04-13 11:58:53 UTC Depends On 1326368
Tomas Hoger 2016-04-13 11:59:04 UTC Depends On 1326370
Tomas Hoger 2016-04-13 12:03:03 UTC Depends On 1326365
Tomas Hoger 2016-04-13 12:03:11 UTC Depends On 1326364
Tomas Hoger 2016-04-13 12:03:13 UTC Depends On 1326362
Tomas Hoger 2016-04-13 12:03:17 UTC Depends On 1326361
Tomas Hoger 2016-04-13 12:48:04 UTC Fixed In Version samba 4.4.2, samba 4.3.8, samba 4.2.11 samba 4.4.1, samba 4.3.7, samba 4.2.10
Huzaifa S. Sidhpurwala 2016-04-14 09:38:48 UTC Whiteboard impact=moderate,public=20160412,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=affected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected,rhel-4/samba=affected,rhel-5.6.z/samba=affected,rhel-5.9.z/samba=affected,rhel-6.2.z/samba=affected,rhel-6.4.z/samba=affected,rhel-6.5.z/samba=affected,rhel-6.6.z/samba=affected,rhel-7.1.z/samba=affected,rhel-6.2.z/samba4=affected,rhel-6.4.z/samba4=affected,rhel-6.5.z/samba4=affected,rhel-6.6.z/samba4=affected,rhel-5.6.z/samba3x=affected,rhel-5.9.z/samba3x=affected impact=moderate,public=20160412,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=notaffected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected,rhel-4/samba=notaffected,rhel-5.6.z/samba=notaffected,rhel-5.9.z/samba=notaffected,rhel-6.2.z/samba=affected,rhel-6.4.z/samba=affected,rhel-6.5.z/samba=affected,rhel-6.6.z/samba=affected,rhel-7.1.z/samba=affected,rhel-6.2.z/samba4=affected,rhel-6.4.z/samba4=affected,rhel-6.5.z/samba4=affected,rhel-6.6.z/samba4=affected,rhel-5.6.z/samba3x=affected,rhel-5.9.z/samba3x=affected
Huzaifa S. Sidhpurwala 2016-04-19 05:28:39 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2016-04-19 01:28:39 UTC
Product Security DevOps Team 2019-09-29 13:45:06 UTC Whiteboard impact=moderate,public=20160412,reported=20160224,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-300,rhel-5/samba=notaffected,rhel-5/samba3x=affected,rhel-6/samba4=affected,rhel-6/samba=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected,rhel-4/samba=notaffected,rhel-5.6.z/samba=notaffected,rhel-5.9.z/samba=notaffected,rhel-6.2.z/samba=affected,rhel-6.4.z/samba=affected,rhel-6.5.z/samba=affected,rhel-6.6.z/samba=affected,rhel-7.1.z/samba=affected,rhel-6.2.z/samba4=affected,rhel-6.4.z/samba4=affected,rhel-6.5.z/samba4=affected,rhel-6.6.z/samba4=affected,rhel-5.6.z/samba3x=affected,rhel-5.9.z/samba3x=affected