Launchpad.net

CVE 2016-2123

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.

Related bugs and status

CVE-2016-2123 (Candidate) is related to these bugs:

Bug #1584485: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS

		In	Importance	Status
1584485	Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS	samba (Ubuntu)	High	Fix Released
1584485	Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS	samba (Ubuntu Trusty)	High	Fix Released
1584485	Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS	samba (Ubuntu Xenial)	High	Fix Committed
1584485	Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS	samba (Ubuntu Yakkety)	High	Fix Committed
1584485	Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS	samba (Debian)	Unknown	Fix Released
1584485	Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS	samba (Ubuntu Bionic)	Undecided	Triaged
1584485	Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS	samba (Ubuntu Focal)	Undecided	Triaged

Bug #1635491: nmbd hangs on service start if only the loopback interface is configured

Summary				In	Importance	Status
	1635491	nmbd hangs on service start if only the loopback interface is configured		samba (Ubuntu)	High	Fix Released
	1635491	nmbd hangs on service start if only the loopback interface is configured		samba (Debian)	Unknown	Fix Released

Bug #1639962: smbd crashed on startup with newest libtevent

Summary				In	Importance	Status
	1639962	smbd crashed on startup with newest libtevent		samba (Ubuntu)	Critical	Fix Released
	1639962	smbd crashed on startup with newest libtevent		samba	Unknown	Unknown

Bug #1659707: Please merge with Debian unstable 2:4.5.4+dfsg-1

Summary				In	Importance	Status
	1659707	Please merge with Debian unstable 2:4.5.4+dfsg-1		samba (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-2123

Related bugs and status

Related bugs

References