Buffer overflow in Samba
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-0771 |
| CWE-ID | CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Samba Server applications / Directory software, identity management |
| Vendor | Samba |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU32319
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0771
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to #BASIC_IMPACT#.
The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamba: 3.4.0 - 4.1.22
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html
http://www.debian.org/security/2016/dsa-3514
http://www.securityfocus.com/bid/84273
http://www.securitytracker.com/id/1035219
http://www.ubuntu.com/usn/USN-2922-1
http://bugzilla.samba.org/show_bug.cgi?id=11128
http://bugzilla.samba.org/show_bug.cgi?id=11686
http://www.samba.org/samba/security/CVE-2016-0771.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
