#VU6629 Buffer overflow in Samba - CVE-2016-2126


Vulnerability identifier: #VU6629

Vulnerability risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2126

CWE-ID: CWE-119

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description
The vulnerability allows a remote authenticated attacker to escalate privileges.

The vulnerability exists due to a boundary error within the Kerberos PAC validation process in winbindd. A remote authenticated attacker can send a specially crafted request to a vulnerable Samba server, trigger a buffer overflow and execute arbitrary code on the server with elevated privileges.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code with elevated privileges.

Mitigation
The vulnerability is fixed in the following versions: 4.5.3, 4.4.8 and 4.3.13.

Vulnerable software versions

Samba: 4.0.0 - 4.0.26, 4.1.0 - 4.1.23, 4.2.0 - 4.2.14, 4.3.0 - 4.3.12, 4.4.0 rc4 - 4.4.13, 4.5.0 - 4.5.2


External links
https://www.samba.org/samba/security/CVE-2016-2126.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

