Description: 由于winbindd_pam_auth_crap.c中的长度检查不足,Samba中发现越界读取漏洞。执行NTLM身份验证时,客户端会将加密质询回复给服务器。这些回复的长度可变,并且Winbind无法检查LAN管理器响应长度。当Winbind用于NTLM身份验证时,恶意制作的请求可能会触发Winbind中的越界读取,可能导致崩溃。 Broken commit info: Bugfix commit info: https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.16.11-security-2023-07-19.patch https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.17.10-security-2023-07-19.patch https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.18.5-security-2023-07-19.patch
PR: https://gitee.com/src-anolis-os/samba/pulls/36