AVG-111 log
| Package | samba |
| Status | Fixed |
| Severity | Critical |
| Type | multiple issues |
| Affected | 4.5.2-1 |
| Fixed | 4.5.3-1 |
| Current | 2:4.23.3-2 [extra] |
| Ticket | FS#52219 |
| Created | Wed Dec 21 00:02:05 2016 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-2126 | Medium | Yes | Privilege escalation | A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum.... |
| CVE-2016-2125 | Medium | Yes | Authentication bypass | Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or... |
| CVE-2016-2123 | Critical | Yes | Arbitrary code execution | The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 22 Dec 2016 | ASA-201612-19 | samba | multiple issues |