CVE-2016-0771

Published

6 years ago

Last Modified

5 years ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

Medium

Impact Analysis

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record..

CVSSv2.0 Score

Severity: Medium
Base Score: 4.9/10
Exploit Score: 6.8/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: Single
Impact Score: 4.9/10
Confidentiality Impact: Partial
Availability Impact: Partial
Integrity Impact: None

CVSSv3.1 Score

Severity: Medium
Base Score: 5.9/10
Exploit Score: 1.6/10
Access Vector: Network
Access Complexity: High
Privileges Required: Low
Impact Score: 4.2/10
Confidentiality Impact: Low
Availability Impact: High
Integrity Impact: None
Scope: Unchanged
User Interaction: None

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:samba:samba:4.2.6:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.9:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.4.0:rc3::::::	Yes	-	-
cpe:2.3:a:samba:samba:4.0.14:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.24:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.16:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.12:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.2:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.2.0:rc3::::::	Yes	-	-
cpe:2.3:a:samba:samba:4.1.14:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.3.4:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.2.0:rc2::::::	Yes	-	-
cpe:2.3:a:samba:samba:4.0.6:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.21:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.13:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.22:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.2.1:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.6:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.5:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.3:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.17:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.2.4:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.8:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.7:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.19:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.11:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.4.0:rc1::::::	Yes	-	-
cpe:2.3:a:samba:samba:4.3.0:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.22:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.16:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.3.3:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.2.5:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.2.0:rc1::::::	Yes	-	-
cpe:2.3:a:samba:samba:4.1.21:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.20:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.13:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.8:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.7:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.20:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.4.0:rc2::::::	Yes	-	-
cpe:2.3:a:samba:samba:4.3.2:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.2.2:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.18:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.17:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.10:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.1:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.18:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.10:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.1:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.2.8:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.2.7:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.2.3:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.2:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.19:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.11:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.5:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.4:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.12:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.3.5:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.3.1:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.2.0:rc4::::::	Yes	-	-
cpe:2.3:a:samba:samba:4.1.4:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.3:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.15:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.1.0:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.9:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.23:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.15:::::::*	Yes	-	-
cpe:2.3:a:samba:samba:4.0.0:::::::*	Yes	-	-

References

Mageni makes easy to find, prioritize, and remediate the vulnerabilities

Supported by industry-leading vulnerability intelligence and CompTIA PenTest+ professionals, Mageni puts security expertise in your hands.

Internal and External Scans

Scan your internal and public assets for vulnerabilities.

Remediate

Get the recommendations to mitigate the risks and vulnerabilities.

Secure your Applications

Scan third-party applications like Java, Chrome, Adobe and more.

Comprehensive Coverage

Scan servers, workstations and network devices for vulnerabilities.

Report and Analyze

Receive a report of the vulnerabilities that affect your assets.

More visibility

Perform non-credentialed or credentialed scans.

Prioritize

Prioritize the vulnerabilities based on CVSS, severity and other variables.

SSL Certificates

Improve the security of your secure layer and certificates.

CVE-2016-0771

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References

Mageni makes easy to find, prioritize, and remediate the vulnerabilities

Internal and External Scans

Remediate

Secure your Applications

Comprehensive Coverage

Report and Analyze

More visibility

Prioritize

SSL Certificates

Simple and transparent pricing

Stop worrying about your budget or licenses limits

What's included

Why should I get a subscription now?

Frequently asked questions

Ready to get started? Start you 7-day free trial

Product

Customer Service

Company

Compliance

CVE-2016-0771

CVE information

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References

Mageni makes easy to find, prioritize, and remediate the vulnerabilities

Internal and External Scans

Remediate

Secure your Applications

Comprehensive Coverage

Report and Analyze

More visibility

Prioritize

SSL Certificates

Simple and transparent pricing

Stop worrying about your budget or licenses limits

What's included

Why should I get a subscription now?

Frequently asked questions

Ready to get started? Start you 7-day free trial