PT-2016-1599 · Samba Team+4 · Samba+3

Douglas Bagnall

Published

2015-04-01

Updated

2024-06-15

CVE-2016-0771

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions Samba versions 4.1.x through 4.1.22 Samba versions 4.2.x through 4.2.8 Samba versions 4.3.x through 4.3.5 Samba versions 4.4.x through 4.4.0rc3

Description The internal DNS server in Samba, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. This issue is caused by a buffer overflow.

Recommendations For Samba versions 4.1.x through 4.1.22, update to version 4.1.23 or later. For Samba versions 4.2.x through 4.2.8, update to version 4.2.9 or later. For Samba versions 4.3.x through 4.3.5, update to version 4.3.6 or later. For Samba versions 4.4.x through 4.4.0rc3, update to version 4.4.0rc4 or later.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2015-1347

ALT-PU-2016-1196

ALT-PU-2016-1197

BDU:2016-00900

CVE-2016-0771

DSA-3514-1

ECHO-3D57-486C-D5A0

OPENSUSE-SU-2016_0813-1

OPENSUSE-SU-2024:10069-1

USN-2922-1

Affected Products

Alt Linux

Samba

Suse

Ubuntu

PT-2016-1599 · Samba Team+4 · Samba+3

CVE-2016-0771

Weakness Enumeration

Related Identifiers

Affected Products

References · 79