Bug 1309978 - (CVE-2016-0771) CVE-2016-0771 samba: Out-of-bounds read in internal DNS server
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All, OS: Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
Keywords: Security
Blocks: 1309971
Reported: 2016-02-19 01:52 EST by Huzaifa S. Sidhpurwala
Modified: 2016-03-15 07:33 EDT
Doc Type: Bug Fix
Last Closed: 2016-03-09 04:07:17 EST
Description Huzaifa S. Sidhpurwala 2016-02-19 01:52:19 EST
As per the upstream Samba advisory:

All versions of Samba from 4.0.0 to 4.4.0rc2 inclusive, when deployed as an AD DC and chosen to run the internal DNS server, are vulnerable to an out-of-bounds read issue during DNS TXT record handling caused by users with permission to modify DNS records.

A malicious client can upload a specially constructed DNS TXT record, resulting in a remote denial-of-service attack. As long as the affected TXT record remains undisturbed in the Samba database, a targeted DNS query may continue to trigger this exploit.

While unlikely, the out-of-bounds read may bypass safety checks and allow leakage of memory from the server in the form of a DNS TXT reply.


Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Garming Sam and Douglas Bagnall as the original reporters of this issue.
Comment 1 Huzaifa S. Sidhpurwala 2016-03-08 23:37:50 EST
External References:

