- CVEs with nessus.description==The version of Samba running on the remote host is 4.3.x prior to 4.3.13, 4.4.x prior to 4.4.8, or 4.5.x prior to 4.5.3. It is, therefore, affected by multiple vulnerabilities :
- An overflow condition exists in the ndr_pull_dnsp_name() function in ndr_dnsp.c that is triggered when handling 'dnsRecord' attributes of DNS objects. An authenticated, remote attacker can exploit this, via a specially crafted request, to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-2123)
- A flaw exists in the client code when performing Kerberos authentication due to always requesting a forwardable Kerberos ticket. An adjacent attacker can exploit this to cause a service accepting the AP-REQ from the client to perform the same actions as the client within the Kerberos TGT, allowing the attacker to impersonate an authenticated user or service. (CVE-2016-2125)
- A denial of service vulnerability exists in the check_pac_checksum() function in kerberos_pac.c due to improper handling of the arcfour-hmac-md5 PAC (Privilege Attribute Certificate) checksum. An authenticated, remote attacker can exploit this to corrupt memory, resulting in a crash of the winbindd process. (CVE-2016-2126)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |