CVE-2016-2125

Source
Severity Medium
Remote Yes
Type Authentication bypass
Description
Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" (TGT), which can be used to fully impersonate the authenticated user or service.
The risks of impersonation of the client are similar to the well known risks from forwarding of NTLM credentials, with two important differences:
- NTLM forwarding can and should be mitigated with packet signing
- Kerberos forwarding can only be attempted after the trusted destination server decrypts the ticket.
Group Package Affected Fixed Severity Status Ticket
AVG-111 samba 4.5.2-1 4.5.3-1 Critical Fixed FS#52219
Date Advisory Group Package Severity Description
22 Dec 2016 ASA-201612-19 AVG-111 samba Critical multiple issues
References
https://www.samba.org/samba/security/CVE-2016-2125.html