SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   Samba
Vendors:   Samba.org
Samba Out-of-Bounds Read Error Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1035219
SecurityTracker URL:  http://securitytracker.com/id/1035219
CVE Reference:   CVE-2016-0771
Date:  Mar 9 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.0.0 to 4.4.0rc3
Description:   A vulnerability was reported in Samba. A remote user can cause the target service to crash. A remote user can obtain potentially sensitive information on the target system.

A remote user with the ability to modify DNS TXT records can provide a specially crafted DNS TXT record that, when queried by another user, will trigger an out-of-bounds memory read error and return memory from the target system or cause the target DNS service to crash.

Systems configured as an Active Directory Domain Controller and running an internal DNS server are affected.

The ability to modify DNS TXT records is restricted to authenticated users by default.

Garming Sam and Douglas Bagnall of Catalyst IT (www.catalyst.net.nz) reported this vulnerability.

Impact:   A remote user can cause the target service to crash.

A remote user can obtain potentially sensitive information from system memory.

Solution:   The vendor has issued a fix (4.4.0rc4, 4.3.6, 4.2.9 and 4.1.23).

The vendor's advisory is available at:

https://www.samba.org/samba/security/CVE-2016-0771.html

Vendor URL:  www.samba.org/samba/security/CVE-2016-0771.html
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any)
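
A triage check for this advisory, added here as an example (it is not part of the SecurityTracker entry or Samba's code): it combines the affected version range and fixed releases above with the stated precondition of an Active Directory Domain Controller running the internal DNS server. The smb.conf reading is simplified, and treating `server role` and a `-dns` entry in `server services` as the deciding settings is an assumption of this sketch; distribution packages with backported fixes keep an upstream version number inside the affected range, so confirm those against the distribution's own notice.

```python
import re

# Fixed releases from the advisory, per branch: (patch, rc); rc None = final release.
FIXED = {(4, 1): (23, None), (4, 2): (9, None), (4, 3): (6, None), (4, 4): (0, 4)}

def _rank(patch, rc):
    # A final release sorts after every release candidate of the same patch level.
    return (patch, float("inf") if rc is None else rc)

def version_affected(version):
    """True if an upstream Samba version lies in 4.0.0 .. 4.4.0rc3 and predates its branch fix."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    rc = int(m.group(4)) if m.group(4) else None
    if not (4, 0) <= (major, minor) <= (4, 4):
        return False
    fixed = FIXED.get((major, minor))  # 4.0.x: the advisory lists no fixed release
    return fixed is None or _rank(patch, rc) < _rank(*fixed)

def dc_with_internal_dns(smb_conf):
    """Simplified smb.conf read: AD DC role with the built-in 'dns' service enabled."""
    opts = {}
    for line in smb_conf.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith(("#", ";")):
            key, value = line.split("=", 1)
            opts[" ".join(key.lower().split())] = value.strip().lower()
    if opts.get("server role") != "active directory domain controller":
        return False
    services = [s for s in re.split(r"[,\s]+", opts.get("server services", "")) if s]
    if "-dns" in services:  # assumption: internal DNS switched off, e.g. for an external DNS backend
        return False
    explicit = any(s[0] not in "+-" for s in services)  # a plain list replaces the defaults
    return "dns" in services if explicit else True

def exposed(version, smb_conf):
    """Both conditions from the advisory: affected version and DC with internal DNS."""
    return version_affected(version) and dc_with_internal_dns(smb_conf)

# Constructed sample configurations (not taken from the advisory).
INTERNAL_DNS = "[global]\n  server role = active directory domain controller\n"
EXTERNAL_DNS = INTERNAL_DNS + "  server services = -dns\n"
```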

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 9 2016 (Ubuntu Issues Fix) Samba Out-of-Bounds Read Error Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 15.10.