Main Vulnerability Database SB2016031508

SB2016031508 - Buffer overflow in samba (Alpine package)

Published: March 15, 2016

Security Bulletin ID SB2016031508

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2016-0771)

The vulnerability allows a remote authenticated user to #BASIC_IMPACT#.

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=28c16dde691b571c23ec2674ca1653901ba30bc5
https://git.alpinelinux.org/aports/commit/?id=090786571b7ca65b5494d0d389da987fbca799e3
https://git.alpinelinux.org/aports/commit/?id=e44afa81c87bd2e939a9335a4a0f79e9d2e29a6b