PT-2016-1599 · Samba Team+4 · Samba+3

Douglas Bagnall

Publicado

2015-04-01

Atualizado

2024-06-15

CVE-2016-0771

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions Samba versions 4.1.x through 4.1.22 Samba versions 4.2.x through 4.2.8 Samba versions 4.3.x through 4.3.5 Samba versions 4.4.x through 4.4.0rc3

Description The internal DNS server in Samba, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. This issue is caused by a buffer overflow.

Recommendations For Samba versions 4.1.x through 4.1.22, update to version 4.1.23 or later. For Samba versions 4.2.x through 4.2.8, update to version 4.2.9 or later. For Samba versions 4.3.x through 4.3.5, update to version 4.3.6 or later. For Samba versions 4.4.x through 4.4.0rc3, update to version 4.4.0rc4 or later.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2015-1347

ALT-PU-2016-1196

ALT-PU-2016-1197

BDU:2016-00900

CVE-2016-0771

DSA-3514-1

ECHO-3D57-486C-D5A0

OPENSUSE-SU-2016_0813-1

OPENSUSE-SU-2024:10069-1

USN-2922-1

Produtos afetados

Alt Linux

Samba

Suse

Ubuntu

PT-2016-1599 · Samba Team+4 · Samba+3

CVE-2016-0771

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 79