AVG-111 log
Package | samba |
Status | Fixed |
Severity | Critical |
Type | multiple issues |
Affected | 4.5.2-1 |
Fixed | 4.5.3-1 |
Current |
2:4.21.2-3 [extra-testing] 2:4.21.2-1 [extra] |
Ticket | FS#52219 |
Created | Wed Dec 21 00:02:05 2016 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2016-2126 | Medium | Yes | Privilege escalation | A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum.... |
CVE-2016-2125 | Medium | Yes | Authentication bypass | Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or... |
CVE-2016-2123 | Critical | Yes | Arbitrary code execution | The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data... |
Date | Advisory | Package | Type |
---|---|---|---|
22 Dec 2016 | ASA-201612-19 | samba | multiple issues |