Memory Corruption Vulnerability in Samba Affected by Remote Privilege Escalation
CVE-2016-2123

8.8HIGH

Key Information:

Vendor

[UNKNOWN]

Status
samba
Vendor
CVE Published:
1 November 2018

What is CVE-2016-2123?

A flaw exists in Samba versions 4.0.0 to 4.5.2 due to an integer wrap issue in the ndr_pull_dnsp_name function, allowing for an attacker-controlled memory overwrite. This arises when data is parsed from the Samba Active Directory ldb database. Since all authenticated LDAP users can write to the dnsRecord attribute by default, exploiting this vulnerability can lead to an unauthorized escalation of privileges. It is crucial for users of affected versions to apply security updates promptly to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

samba versions 4.0.0 to 4.5.2

References

https://www.samba.org/samba/security/CVE-2016-2123.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94970
vdb-entryx_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.