Samba DNS Server Denial of Service and Information Disclosure Vulnerability

Samba DNS Server Denial of Service and Information Disclosure Vulnerability

CVE-2016-0771 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:N/A:P

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.

Learn more about our Cis Benchmark Audit For Server Software.