CVE-2016-2126 - log back

CVE-2016-2126 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Privilege escalation
Description
+ A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.
+ For the remote attack, the memory overwrite kills the main winbindd process and an authenticated attacker can construct this situation by watching for password changes in Samba.
+ One specific trigger occurs when winbindd changes its machine account password and the client has still a valid Kerberos ticket (that was encrypted with the old password).
References
+ https://www.samba.org/samba/security/CVE-2016-2126.html
Notes