AVG-111

Package samba
Status Fixed
Severity Critical
Type multiple issues
Affected 4.5.2-1
Fixed 4.5.3-1
Current 4.8.2-2 [extra]
Ticket FS#52219
Created Wed Dec 21 00:02:05 2016
Issue Severity Remote Type Description
CVE-2016-2126 Medium Yes Privilege escalation
A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum....
CVE-2016-2125 Medium Yes Authentication bypass
Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or...
CVE-2016-2123 Critical Yes Arbitrary code execution
The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data...
Date Advisory Package Description
22 Dec 2016 ASA-201612-19 samba multiple issues