CVE-2016-2123
Last modified
CVE-2016-2123 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. EPSS estimates a 6.23% chance of exploitation in the next 30 days.
Description
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | >= 4.0.0, <= 4.0.26 |
| Samba | Samba | >= 4.1.0, <= 4.1.23 |
| Samba | Samba | >= 4.2.0, <= 4.2.14 |
| Samba | Samba | >= 4.3.0, < 4.3.13 |
| Samba | Samba | >= 4.4.0, < 4.4.8 |
| Samba | Samba | >= 4.5.0, < 4.5.3 |
References
- http://www.securityfocus.com/bid/94970Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037493Third Party Advisory, VDB Entry
- https://www.samba.org/samba/security/CVE-2016-2123.htmlPatch, Vendor Advisory
- http://www.securityfocus.com/bid/94970Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037493Third Party Advisory, VDB Entry
- https://www.samba.org/samba/security/CVE-2016-2123.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-2123?
How severe is CVE-2016-2123?
How do I fix CVE-2016-2123?
Are you affected by CVE-2016-2123?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST