Memory Corruption Vulnerability in Samba Affected by Remote Privilege Escalation
CVE-2016-2123

8.8HIGH

Key Information:

Vendor: [unknown]
Status: Samba
Vendor: CVE Published:; 1 November 2018

What is CVE-2016-2123?

A flaw exists in Samba versions 4.0.0 to 4.5.2 due to an integer wrap issue in the ndr_pull_dnsp_name function, allowing for an attacker-controlled memory overwrite. This arises when data is parsed from the Samba Active Directory ldb database. Since all authenticated LDAP users can write to the dnsRecord attribute by default, exploiting this vulnerability can lead to an unauthorized escalation of privileges. It is crucial for users of affected versions to apply security updates promptly to mitigate risks associated with this vulnerability.

Affected Version(s)

samba versions 4.0.0 to 4.5.2

References

https://www.samba.org/samba/security/CVE-2016-2123.html

x_refsource_CONFIRM

http://www.securityfocus.com/bid/94970

vdb-entryx_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 1, 2018
Vulnerability Reserved
Jan 29, 2016

CVE-2016-2123 Data

JSON

[unknown]

What is CVE-2016-2123?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline