CVE-2016-2123 Ubuntu Security Notification for Samba Vulnerabilities (USN-3158

漏洞类别:Ubuntu

漏洞等级:

漏洞信息

It was discovered that the ndr_pull_dnsp_nam function in Samba contained an integer overflow.

It was discovered that Samba clients always requested a forwardable ticket when using Kerberos authentication.

It was discovered that Kerberos PAC validation implementation in Samba contained multiple vulnerabilities.

漏洞危害

An authenticated attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2123)

An attacker could use this to impersonate an authenticated user or service. (CVE-2016-2125)

An authenticated attacker could use this to cause a denial of service or gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2126)

Leave a Reply