CVE-2016-0771: Buffer Overflow
First published: Sun Mar 13 2016(Updated: )
The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba | =4.0.0 | |
| Samba | =4.0.1 | |
| Samba | =4.0.2 | |
| Samba | =4.0.3 | |
| Samba | =4.0.4 | |
| Samba | =4.0.5 | |
| Samba | =4.0.6 | |
| Samba | =4.0.7 | |
| Samba | =4.0.8 | |
| Samba | =4.0.9 | |
| Samba | =4.0.10 | |
| Samba | =4.0.11 | |
| Samba | =4.0.12 | |
| Samba | =4.0.13 | |
| Samba | =4.0.14 | |
| Samba | =4.0.15 | |
| Samba | =4.0.16 | |
| Samba | =4.0.17 | |
| Samba | =4.0.18 | |
| Samba | =4.0.19 | |
| Samba | =4.0.20 | |
| Samba | =4.0.21 | |
| Samba | =4.0.22 | |
| Samba | =4.0.23 | |
| Samba | =4.0.24 | |
| Samba | =4.1.0 | |
| Samba | =4.1.1 | |
| Samba | =4.1.2 | |
| Samba | =4.1.3 | |
| Samba | =4.1.4 | |
| Samba | =4.1.5 | |
| Samba | =4.1.6 | |
| Samba | =4.1.7 | |
| Samba | =4.1.8 | |
| Samba | =4.1.9 | |
| Samba | =4.1.10 | |
| Samba | =4.1.11 | |
| Samba | =4.1.12 | |
| Samba | =4.1.13 | |
| Samba | =4.1.14 | |
| Samba | =4.1.15 | |
| Samba | =4.1.16 | |
| Samba | =4.1.17 | |
| Samba | =4.1.18 | |
| Samba | =4.1.19 | |
| Samba | =4.1.20 | |
| Samba | =4.1.21 | |
| Samba | =4.1.22 | |
| Samba | =4.2.0-rc1 | |
| Samba | =4.2.0-rc2 | |
| Samba | =4.2.0-rc3 | |
| Samba | =4.2.0-rc4 | |
| Samba | =4.2.1 | |
| Samba | =4.2.2 | |
| Samba | =4.2.3 | |
| Samba | =4.2.4 | |
| Samba | =4.2.5 | |
| Samba | =4.2.6 | |
| Samba | =4.2.7 | |
| Samba | =4.2.8 | |
| Samba | =4.3.0 | |
| Samba | =4.3.1 | |
| Samba | =4.3.2 | |
| Samba | =4.3.3 | |
| Samba | =4.3.4 | |
| Samba | =4.3.5 | |
| Samba | =4.4.0-rc1 | |
| Samba | =4.4.0-rc2 | |
| Samba | =4.4.0-rc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html
- http://www.debian.org/security/2016/dsa-3514
- http://www.securityfocus.com/bid/84273
- http://www.securitytracker.com/id/1035219
- http://www.ubuntu.com/usn/USN-2922-1
- https://bugzilla.samba.org/show_bug.cgi?id=11128
- https://bugzilla.samba.org/show_bug.cgi?id=11686
- https://www.samba.org/samba/security/CVE-2016-0771.html
Frequently Asked Questions
What is the severity of CVE-2016-0771?
CVE-2016-0771 is classified with a Medium severity due to its potential to cause denial of service and information exposure.
How can I fix CVE-2016-0771?
To fix CVE-2016-0771, update Samba to versions 4.1.23, 4.2.9, 4.3.6, or later.
Who is affected by CVE-2016-0771?
CVE-2016-0771 affects Samba versions 4.x prior to specific patch releases for various versions.
What type of vulnerability is CVE-2016-0771?
CVE-2016-0771 is a remote authenticated denial of service vulnerability.
Can CVE-2016-0771 allow information disclosure?
Yes, CVE-2016-0771 can potentially allow remote authenticated users to obtain sensitive information from the process memory.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/samba
- canonical/samba
- version/samba/4.0.0
- version/samba/4.0.1
- version/samba/4.0.2
- version/samba/4.0.3
- version/samba/4.0.4
- version/samba/4.0.5
- version/samba/4.0.6
- version/samba/4.0.7
- version/samba/4.0.8
- version/samba/4.0.9
- version/samba/4.0.10
- version/samba/4.0.11
- version/samba/4.0.12
- version/samba/4.0.13
- version/samba/4.0.14
- version/samba/4.0.15
- version/samba/4.0.16
- version/samba/4.0.17
- version/samba/4.0.18
- version/samba/4.0.19
- version/samba/4.0.20
- version/samba/4.0.21
- version/samba/4.0.22
- version/samba/4.0.23
- version/samba/4.0.24
- version/samba/4.1.0
- version/samba/4.1.1
- version/samba/4.1.2
- version/samba/4.1.3
- version/samba/4.1.4
- version/samba/4.1.5
- version/samba/4.1.6
- version/samba/4.1.7
- version/samba/4.1.8
- version/samba/4.1.9
- version/samba/4.1.10
- version/samba/4.1.11
- version/samba/4.1.12
- version/samba/4.1.13
- version/samba/4.1.14
- version/samba/4.1.15
- version/samba/4.1.16
- version/samba/4.1.17
- version/samba/4.1.18
- version/samba/4.1.19
- version/samba/4.1.20
- version/samba/4.1.21
- version/samba/4.1.22
- version/samba/4.2.0-rc1
- version/samba/4.2.0-rc2
- version/samba/4.2.0-rc3
- version/samba/4.2.0-rc4
- version/samba/4.2.1
- version/samba/4.2.2
- version/samba/4.2.3
- version/samba/4.2.4
- version/samba/4.2.5
- version/samba/4.2.6
- version/samba/4.2.7
- version/samba/4.2.8
- version/samba/4.3.0
- version/samba/4.3.1
- version/samba/4.3.2
- version/samba/4.3.3
- version/samba/4.3.4
- version/samba/4.3.5
- version/samba/4.4.0-rc1
- version/samba/4.4.0-rc2
- version/samba/4.4.0-rc3