EUVD-2016-3229

Malware in sbrugna...

K03644631: Samba vulnerability CVE-2016-2126

Security Advisory Description Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC Privilege Attribute Certificate checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local...

SUSE CVE-2016-2126

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC Privilege Attribute Certificate checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the...

CVE-2016-2126

A flaw was found in the way Samba handled PAC Privilege Attribute Certificate checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process...

NewStart CGSL MAIN 4.05 : samba4 Multiple Vulnerabilities (NS-SA-2019-0100)

The remote NewStart CGSL host, running version MAIN 4.05, has samba4 packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way Samba handled PAC Privilege Attribute Certificate checksums. A remote, authenticated attacker could use this flaw to crash the...

MGASA-2017-0145 Updated samba packages fix security vulnerability

A flaw was found in the way Samba handled PAC Privilege Attribute Certificate checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process CVE-2016-2126. Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this...

CVE-2016-2126

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC Privilege Attribute Certificate checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the...

Privilege escalation

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC Privilege Attribute Certificate checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the...

CVE-2016-2126

CVE-2016-2126 affects Samba 4.0.0 through 4.5.2, caused by incorrect handling of the PAC checksum in winbindd. A remote, authenticated user could trigger a crash of the winbindd process via a legitimate Kerberos ticket, and a local service with access to the winbindd privileged pipe could cause w...

CVE-2016-2126

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC Privilege Attribute Certificate checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the...

CVE-2016-2126

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC Privilege Attribute Certificate checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the...

CVE-2016-2126

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC Privilege Attribute Certificate checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the...

samba4 security update

CentOS Errata and Security Advisory CESA-2017:0744 An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Samba 4.3.x < 4.3.13 / 4.4.x < 4.4.8 / 4.5.x < 4.5.3 Multiple Vulnerabilities

The version of Samba running on the remote host is 4.3.x prior to 4.3.13, 4.4.x prior to 4.4.8, or 4.5.x prior to 4.5.3. It is, therefore, affected by multiple vulnerabilities : - An overflow condition exists in the ndrpulldnspname function in ndrdnsp.c that is triggered when handling 'dnsRecord'...

CVE-2016-2126

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC Privilege Attribute Certificate checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the...

Cryptographic Issues

Overview Affected versions of this package are vulnerable to Cryptographic Issues. MIT Kerberos 5 aka krb5 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other...

krb5: multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007)

MIT Kerberos 5 aka krb5 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via 1 an unkeyed checksum, 2 an unkeyed PAC checksum, or 3 a KrbFastArmoredRe...

krb5 -- unkeyed PAC checksum handling vulnerability

The MIT Kerberos team reports: MIT krb5 incorrectly accepts an unkeyed checksum for PAC signatures. An authenticated remote attacker can forge PACs if using a KDC that does not filter client-provided PAC data. This can result in privilege escalation against a service that relies on PAC contents t...