This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote Samba server is affected by multiple vulnerabilities.

The version of Samba running on the remote host is 4.3.x prior to
4.3.13, 4.4.x prior to 4.4.8, or 4.5.x prior to 4.5.3. It is,
therefore, affected by multiple vulnerabilities :

  - An overflow condition exists in the ndr_pull_dnsp_name()
    function in ndr_dnsp.c that is triggered when handling
    'dnsRecord' attributes of DNS objects. An authenticated,
    remote attacker can exploit this, via a specially
    crafted request, to cause a heap-based buffer overflow,
    resulting in a denial of service condition or the
    execution of arbitrary code. (CVE-2016-2123)

  - A flaw exists in the client code when performing
    Kerberos authentication due to always requesting a
    forwardable Kerberos ticket. An adjacent attacker can
    exploit this to cause a service accepting the AP-REQ
    from the client to perform the same actions as the
    client within the Kerberos TGT, allowing the attacker to
    impersonate an authenticated user or service.

  - A denial of service vulnerability exists in the
    check_pac_checksum() function in kerberos_pac.c due to
    improper handling of the arcfour-hmac-md5 PAC
    (Privilege Attribute Certificate) checksum. An
    authenticated, remote attacker can exploit this to
    corrupt memory, resulting in a crash of the winbindd

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
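
The version-only check described in the note above can be reproduced for triage with the sketch below. It is an added example, not Tenable's plugin code or anything from the Samba project. The status names, the sample banners and the rule that a "-", "+" or "~" suffix marks a vendor build (whose package may carry a backported fix under an older version number) are assumptions.

```python
import re

# Fixed patch level per affected branch, as listed in the advisory above.
FIXED = {(4, 3): 13, (4, 4): 8, (4, 5): 3}

# First x.y.z in strings such as "Version 4.4.5-Debian" or
# "4.3.11+dfsg-0ubuntu0.14.04.1"; the lookbehind avoids mid-number matches.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)")
# A "-", "+" or "~" suffix marks a vendor build (assumption: upstream banners are bare).
VENDOR_SUFFIX_RE = re.compile(r"[-+~]\w")


def classify(banner):
    """Classify one self-reported Samba version string.

    Returns (status, version) where status is:
      unparsed        no x.y.z version found in the string
      not-covered     branch is not one of those the advisory lists
      fixed           at or above the fixed release of its branch
      affected        below the fixed release, bare upstream version
      verify-package  below the fixed release but vendor-suffixed, so the
                      fix may be backported; check the package changelog
    """
    m = VERSION_RE.search(banner)
    if m is None:
        return "unparsed", None
    major, minor, patch = (int(g) for g in m.groups())
    version = f"{major}.{minor}.{patch}"
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "not-covered", version
    if patch >= fixed_patch:
        return "fixed", version
    if VENDOR_SUFFIX_RE.match(banner, m.end()):
        return "verify-package", version
    return "affected", version


if __name__ == "__main__":
    # Constructed sample banners, not output captured from real hosts.
    samples = ["Version 4.5.2", "Version 4.4.5-Debian", "Samba smbd 4.3.13",
               "4.3.11+dfsg-0ubuntu0.14.04.1", "Version 4.6.0", "smbd"]
    for banner in samples:
        status, version = classify(banner)
        print(f"{banner!r:35} {version or '-':8} {status}")
```
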
Upgrade to Samba version 4.3.13 / 4.4.8 / 4.5.3 or later.
Alternatively, apply the vendor-supplied security patch referenced in
Risk factor :
High / CVSS Base Score : 9.0
CVSS Temporal Score : 6.7
Public Exploit Available : false