Volker Lendecke

**Name of the Vulnerable Software and Affected Versions** Samba versions prior to 4.7.3 **Description** The issue is related to the failure of the server to clear allocated heap memory, which can be leveraged by remote attackers to obtain sensitive information. This is also described as a buffer data boundary operation issue, where exploitation can allow a remote attacker to access confidential data. **Recommendations** For Samba versions prior to 4.7.3, update to version 4.7.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samba versions 4.0.0 through 4.5.2 **Description** The issue is related to the incorrect handling of the PAC (Privilege Attribute Certificate) checksum in the implementation of the Kerberos protocol in Samba. This can be exploited by a remote, authenticated attacker to cause the winbindd process to crash using a legitimate Kerberos ticket, potentially leading to privilege elevation. A local service with access to the winbindd privileged pipe can also cause winbindd to cache elevated access permissions, further exacerbating the issue. The vulnerability can result in a denial of service and potentially allow an attacker to gain elevated privileges. **Recommendations** For Samba versions 4.0.0 through 4.5.2, consider restricting access to the winbindd privileged pipe to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the use of Kerberos tickets in the affected Samba versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samba versions prior to 3.3.15 Samba versions prior to 3.4.12 Samba versions prior to 3.5.7 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to disruption of protected information. This can be achieved by opening a large number of files, which may result in stack memory corruption, an infinite loop, or daemon crash. The exploitation can be related to Winbind or smbd. **Recommendations** For Samba versions prior to 3.3.15, update to version 3.3.15 or later. For Samba versions prior to 3.4.12, update to version 3.4.12 or later. For Samba versions prior to 3.5.7, update to version 3.5.7 or later.