The Samba-Bugzilla – Attachment 11829 Details for Bug 11686: [SECURITY] CVE-2016-0771: Read of uninitialized memory DNS TXT handling
CVE Description: CVE-2016-0771-description.garming01.txt (text/plain), 1.72 KB, created by Garming Sam on 2016-02-10 09:28:38 UTC
>===========================================================
>== Subject:     Out-of-bounds read in internal DNS server
>==
>== CVE ID#:     CVE-2016-0771
>==
>== Versions:    Samba 4.0.0 to 4.4.0rc2
>==
>== Summary:     Malicious request can cause the Samba internal
>==              DNS server to crash or unintentionally return
>==              uninitialized memory.
>==
>===========================================================
>
>===========
>Description
>===========
>
>All versions of Samba from 4.0.0 to 4.4.0rc2 inclusive, when deployed as
>an AD DC and choose to run the internal DNS server, are vulnerable to an
>out-of-bounds read issue during DNS TXT record handling caused by users
>with permission to modify DNS records.
>
>A malicious client can upload a specially constructed DNS TXT record,
>resulting in a remote denial-of-service attack. As long as the affected
>TXT record remains undisturbed in the Samba database, a targeted DNS
>query may continue to trigger this exploit.
>
>While unlikely, the out-of-bounds read may bypass safety checks and
>allow leakage of memory from the server in the form of a DNS TXT reply.
>
>==================
>Patch Availability
>==================
>
>A patch addressing this defect has been posted to
>
>  http://www.samba.org/samba/security/
>
>Additionally, Samba 4.3.5, 4.2.9 and 4.1.23 have been issued as security
>releases to correct the defect. Samba vendors and administrators running
>affected versions are advised to upgrade or apply the patch as soon as
>possible.
>
>==========
>Workaround
>==========
>
>Use of the BIND DNS backend will avoid this issue.
>
>=======
>Credits
>=======
>
>This problem was found by Garming Sam and Douglas Bagnall of Catalyst IT
>(www.catalyst.net.nz), with collaboration from the Samba-Team to provide
>the fix.
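A triage helper for the version range, security releases and deployment conditions stated in the advisory above. This is an added example, not part of the attachment or of Samba's code; the function names and the sample version strings are constructed for illustration, and the AD DC and internal DNS flags are assumed to come from your own inventory.

```python
import re

# Security releases named in the advisory, keyed by (major, minor) branch.
FIXED_PATCH = {(4, 1): 23, (4, 2): 9, (4, 3): 5}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?")


def parse_version(text):
    """Return (major, minor, patch, rc); rc is None for a final release."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no Samba version in {text!r}")
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch), int(rc) if rc else None


def in_affected_range(text):
    """True for 4.0.0 .. 4.4.0rc2, excluding the listed security releases."""
    major, minor, patch, rc = parse_version(text)
    if major != 4 or minor > 4:
        return False
    if minor == 4:
        # Only the 4.4.0 release candidates up to rc2 are in range.
        return patch == 0 and rc is not None and rc <= 2
    fixed = FIXED_PATCH.get((major, minor))
    # 4.0.x has no security release listed, so every 4.0.x stays in range.
    return fixed is None or patch < fixed


def exposed(text, is_ad_dc, internal_dns):
    """Advisory conditions: affected version, AD DC role, internal DNS server."""
    return in_affected_range(text) and is_ad_dc and internal_dns


if __name__ == "__main__":
    # Constructed sample inventory: (version string, AD DC?, internal DNS?)
    hosts = [("Version 4.3.4", True, True), ("Version 4.3.5", True, True),
             ("4.4.0rc2", True, True), ("Version 4.2.8", True, False)]
    for version, dc, dns in hosts:
        print(version, "->", "EXPOSED" if exposed(version, dc, dns) else "ok")
```

Vendor packages may carry the patch without changing the upstream version number, so treat a positive result as a prompt to check the vendor's changelog rather than as proof.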
Flags: abartlet: review+