Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following issues:
Frederic Besler and others discovered that the ndr_pull_dnsp_nam function in Samba contained an integer overflow. An authenticated attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2123)
Simo Sorce discovered that that Samba clients always requested a forwardable ticket when using Kerberos authentication. An attacker could use this to impersonate an authenticated user or service. (CVE-2016-2125)
Volker Lendecke discovered that Kerberos PAC validation implementation in Samba contained multiple vulnerabilities. An authenticated attacker could use this to cause a denial of service or gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2126)
Samba team reports:
[CVE-2016-2123] Authenicated users can supply malicious dnsRecord attributes
on DNS objects and trigger a controlled memory corruption.
[CVE-2016-2125] Samba client code always requests a forwardable ticket
when using Kerberos authentication. This means the target server, which must be in the current or trusted
domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" (TGT), which can be used to
fully impersonate the authenticated user or service.
[CVE-2016-2126] A remote, authenticated, attacker can cause the winbindd process
to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum.
A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.
This CVE is addressed in the SUSE advisories SUSE-SU-2016:3271-1, SUSE-SU-2016:3272-1