Alpine: samba: security update to 4.4.5-r2

high Tenable Self-Hosted Container Security Plugin ID 407099

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an
integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data
from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP
can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord
attribute on new DNS objects. This makes the defect a remote privilege escalation. (CVE-2016-2123)

- It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when
using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently
use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125)

- Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC
(Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd
process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd
privileged pipe can cause winbindd to cache elevated access permissions. (CVE-2016-2126)

See Also

https://security.alpinelinux.org/vuln/CVE-2016-2123

https://security.alpinelinux.org/vuln/CVE-2016-2125

https://security.alpinelinux.org/vuln/CVE-2016-2126

Plugin Details

Severity: High

ID: 407099

Version: Revision 1.27

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5

Percentile: 95.09

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2016-2123

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/19/2016

Reference Information

CVE: CVE-2016-2123, CVE-2016-2125, CVE-2016-2126

BID: 94970, 94988, 94994

IAVA: 2016-A-0353-S