SB2016031403 - Buffer overflow in Samba




Published: March 14, 2016 Updated: July 28, 2020

Security Bulletin ID: SB2016031403
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Buffer overflow (CVE-ID: CVE-2016-0771)

The vulnerability allows a remote authenticated user to cause a denial of service or possibly obtain sensitive information from process memory.

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.


Remediation

Install the update from the vendor's website.
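To decide whether a host needs the update, the affected ranges listed in the description can be turned into a version check. The following is an added example, not part of the original bulletin or of Samba; it assumes the input is a version string in the form printed by `smbd --version`, and the sample strings are constructed.

```python
import re

FINAL = float("inf")  # a final release sorts after any release candidate

# First fixed release per 4.x branch, as (patch, rc), taken from the bulletin.
FIXED = {
    (4, 1): (23, FINAL),
    (4, 2): (9, FINAL),
    (4, 3): (6, FINAL),
    (4, 4): (0, 4),  # fixed in 4.4.0rc4
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?")


def parse_version(text):
    """Extract (major, minor, patch, rc) from e.g. 'Version 4.3.5-Debian'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    rc = int(m.group(4)) if m.group(4) else FINAL
    return major, minor, patch, rc


def is_affected(text):
    """True if the upstream version falls in a range the bulletin lists.

    Caveats: the issue only applies when the host is an AD DC running the
    internal DNS server, and distribution packages may carry a backported
    fix under an older upstream version number; neither is visible here.
    """
    major, minor, patch, rc = parse_version(text)
    if major != 4:
        return False  # the bulletin lists only 4.x
    if minor == 0:
        return True  # 4.0.x falls under "4.x before 4.1.23"
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return False  # branch not listed in the bulletin
    return (patch, rc) < fixed


if __name__ == "__main__":
    # Constructed sample strings, not output captured from real hosts.
    for sample in ("Version 4.3.5", "Version 4.4.0rc3", "Version 4.2.9"):
        print(sample, "->", "affected" if is_affected(sample) else "not listed")
```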