FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- multiple vulnerabilities

Affected packages
3.6.0 <= samba36 <= 3.6.25_4
4.0.0 <= samba4 <= 4.0.26
4.1.0 <= samba41 <= 4.1.23
4.2.0 <= samba42 <= 4.2.14
4.3.0 <= samba43 < 4.3.13
4.4.0 <= samba44 < 4.4.8
4.5.0 <= samba45 < 4.5.3

Details

VuXML ID e4bc323f-cc73-11e6-b704-000c292e4fd8
Discovery 2016-12-19
Entry 2016-12-26
Modified 2016-12-26

Samba team reports:

[CVE-2016-2123] Authenticated users can supply malicious dnsRecord attributes on DNS objects and trigger a controlled memory corruption.

[CVE-2016-2125] Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" (TGT), which can be used to fully impersonate the authenticated user or service.

[CVE-2016-2126] A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.

References

CVE Name CVE-2016-2123
CVE Name CVE-2016-2125
CVE Name CVE-2016-2126
URL https://www.samba.org/samba/security/CVE-2016-2123.html
URL https://www.samba.org/samba/security/CVE-2016-2125.html
URL https://www.samba.org/samba/security/CVE-2016-2126.html