USN-3158-1: Samba vulnerabilities
USN-3158-1: Samba vulnerabilities Ubuntu Security Notice USN-3158-1 19th December, 2016 samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Samba. Software description samba – SMB/CIFS file, print, and login server for Unix Details Frederic Besler and others discovered that the ndr_pull_dnsp_namfunction in Samba contained an integer overflow. An authenticatedattacker could use this to gain administrative privileges. This issueonly affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10.(CVE-2016-2123) Simo Sorce discovered that that Samba clients always requesteda forwardable ticket when using Kerberos authentication. Anattacker could use this to impersonate an authenticated user orservice. (CVE-2016-2125) Volker Lendecke discovered that Kerberos PAC validation implementationin Samba contained multiple vulnerabilities. An authenticated attackercould use this to cause a denial of service or [ more… ]